Huawei open-redirect vulnerability

Mar 26, '16
Author  : dn5
Blog    :
Date    : 28.04.2014.
E-mail  :
Twitter : @dn5__

Vulnerability No. #1

Huawei uniportal located under sub-domain have open-redirect vulnerability in which application takes a parameter and redirects a user to the parameter value without any validation. This vulnerability can lead to medium-to-high risk phishing attacks. This vulnerability can lead to other bugs too. Vulnerability is reported to Huawei and is properly fixed.


To recreate this vulnerability login with your username & password @ huawei official login. Make sure to "Remember password", otherwise exploit is not always successful because of Huawei session. Now, everytime you visit this link[1] you will be redirected to can change redirect parameter to coresponding website you want to redirect to. This vulnerability works out-of-box on whole /www/ scope. Be sure to check video at the end of proper PoC.



Check if parameter redirect have value of unknown host and make sure to properly sanitize input of the parameter.