Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

URI Obfuscation

Medium
B
Brave Software
Submitted None
Actions:
View on HackerOne
Reported by ajdumanhug

Vulnerability Details

Technical details and impact analysis

HTTP Response Splitting
## Summary: Typically, when obfuscating a URL, you must trick someone into viewing a website they did not want to view by tempting them with something they are familiar with. ## Products affected: Latest Version of Brave in Windows ## Steps To Reproduce: We can trick someone into viewing it like this: http://[email protected] This will make the user think they are going to go to example.com, when really they are going to sample.com. Live POC: https://[email protected]/ They thought they will be redirect to brave.com but the page displays secuna.ph I attached a picture and make sure to focus your eyes in the URL Address. ## Supporting Material/References: {F127608}

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

HTTP Response Splitting