The vulnerability exists on the “loginSecure.aspx” page, in the “logretURLNH” parameter, i.e.
When victims who are not logged in click the URL () above, the Kaneva sign-in page is displayed. They must enter their username and password, after which they are redirected to a webpage outside Kaneva.
My tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.
(1) I will use the following tests to illustrate the scenario I painted above.
The redirected webpage address is “http://www.tetraph.com/essaybeans/street_artists/clark_quay.html”. It’s one of my webpages. We can suppose that this webpage is malicious.
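The fix on the application side is to honour a post-login return URL only when it cannot send the user off-site. The validator below is an added example written for this page; it is not Kaneva’s code and not part of the original advisory. It assumes a hypothetical allow-list of return hosts (the `ALLOWED_HOSTS` set is constructed for illustration) and accepts either a path rooted at “/” or an absolute http(s) URL whose host is on that list, rejecting scheme-relative (`//host`), backslash, userinfo (`allowed@evil`) and non-http scheme variants that a simple prefix check would miss.

```python
from urllib.parse import urlsplit

# Hosts the application is willing to return users to after sign-in.
# Constructed allow-list for this example; a real deployment uses its own hostnames.
ALLOWED_HOSTS = {"www.kaneva.com", "kaneva.com"}


def is_safe_return_url(value: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `value` is a local rooted path or an absolute
    http(s) URL on an allowed host.

    This closes the open-redirect pattern described above: the return
    parameter is used only when it cannot lead off-site.
    """
    if not value:
        return False
    # Browsers treat backslashes as slashes; normalise first so that
    # "/\evil.example" is not mistaken for a relative path.
    candidate = value.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme == "" and parts.netloc == "":
        # Relative URL: accept only a path rooted at "/", and refuse the
        # scheme-relative form "//host/..." (and "///host") outright.
        return candidate.startswith("/") and not candidate.startswith("//")

    # Absolute URL: only http/https, and only on an allowed host.
    # `hostname` strips any userinfo, so "http://allowed@evil.example" resolves
    # to "evil.example" and is rejected.
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, and similar schemes
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def resolve_return_url(value: str, default: str = "/") -> str:
    """Pick the post-login destination: the supplied URL if safe, else `default`."""
    return value if is_safe_return_url(value) else default


if __name__ == "__main__":
    # Constructed sample values, including the off-site address from the write-up.
    for sample in (
        "/account/profile",
        "https://www.kaneva.com/home",
        "//evil.example/",
        "/\\evil.example/",
        "http://www.kaneva.com@evil.example/",
        "javascript:alert(1)",
        "http://www.tetraph.com/essaybeans/street_artists/clark_quay.html",
    ):
        print(f"{sample!r:70} -> {resolve_return_url(sample)}")
```

Plain relative paths without a leading slash (e.g. `account/profile`) are rejected as a conservative default; if the application needs them, resolve them against the site origin first and then run the absolute-URL branch.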