Friday, January 10, 2014

Amadeus IT Group - Vulnerability

[Closed, Vulnerabilities disclosed publicly]
Target Audience - Travel & Tour Companies across the globe.
Surprisingly, your technology partner and GDS provider Amadeus is vulnerable to severe bugs such as blind SQL injection, cross-site scripting, open redirect, CSRF, etc.
More interestingly, it doesn't want to know about the bugs, nor fix them. Several of their websites are vulnerable.
JO* Jump Out. I have now started testing their GDS and web service for security vulnerabilities, alongside the ongoing search for bugs in their websites.
An exploiter may send an email to users of the Amadeus GDS across the globe containing links that point to legitimate websites of Amadeus IT Group. When clicked, the user may be redirected to a phishing or malware site, or something more creative designed to steal financial data. We can achieve this by exploiting the existing XSS, SQL injection and open redirect vulnerabilities on any of their websites.
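The "link to a legitimate site that lands on a phishing page" scenario above depends on a site forwarding to whatever URL a request parameter names. The following is an added example, not code from this post or from Amadeus: a host-allowlist check for a redirect parameter (the allowlisted hosts are constructed placeholders) that compares the parsed host rather than a string prefix, so the usual lookalike forms are rejected too.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real deployment lists its own hosts.
ALLOWED_HOSTS = {"example-travel.test", "www.example-travel.test"}


def safe_redirect_target(next_param: str, fallback: str = "/") -> str:
    """Return a redirect target that stays on an allowlisted host.

    The decision is made on the parsed authority, so '//evil.test',
    'https:evil.test', '\\\\evil.test', 'https://good.test@evil.test' and
    'https://good.test.evil.test' all fall back instead of being followed.
    """
    if not next_param:
        return fallback
    # Reject control characters and spaces: browsers strip or tolerate them,
    # which would otherwise let 'javascript:' or a foreign host sneak past.
    if any(ord(ch) < 0x21 for ch in next_param):
        return fallback
    # Browsers treat backslashes like slashes in the scheme/authority part,
    # so normalise them before parsing rather than after.
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)

    # Only web schemes may be followed; 'javascript:', 'data:' etc. are out.
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return fallback

    if parts.netloc:
        # hostname drops userinfo and port, so 'good.test@evil.test' -> evil.test
        host = (parts.hostname or "").lower()
        return candidate if host in ALLOWED_HOSTS else fallback

    # A scheme without an authority ('https:evil.test') is not a safe path.
    if parts.scheme:
        return fallback
    # Relative targets must be a single-slash path on the current host.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate
```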
