
Open Redirect DoorGets CMS 7.0 #5

@rudSarkar

Description

CVE: 2016-3726

Steps to reproduce

  1. Affected param: back=
  2. Full URL: http://127.0.0.1/dg-user/?controller=authentification&back=http%3A%2F%2Fexploitlab.ex%2F
  3. Go to the login page; you will get this type of URL.
  4. Now time for the redirect.
  5. Change the back= param URL: http://exploitlab.ex/dg-user/?controller=authentification&back=http%3a%2f%2fevil.com%2f
  6. Evil URL like http://evil.com/; I encode the special characters.
  7. Now enter the URL in the browser and press Enter; you will see the login page.
  8. Now log in using your email and password.
  9. You will be redirected to http://evil.com

Hope it will be fixed soon.

Thanks & Regards,
Rudra Sarkar
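The report above shows the classic shape of an open redirect: the post-login `back=` value is forwarded to the browser unvalidated, so any absolute URL placed there (`http%3a%2f%2fevil.com%2f`) is followed. The usual fix is an allowlist check on the server: accept only a site-relative path or a URL whose host is the application's own, and fall back to a fixed landing page otherwise. The following is an added example of such a check, not DoorGets CMS code (the CMS itself is PHP; this is a language-neutral illustration). It assumes the application knows its own host (`127.0.0.1` in the report) and that the parameter arrives percent-encoded as in the reproduction URLs; the fallback path `/dg-user/` is a constructed default.

```python
"""Allowlist validation for a post-login "back" redirect parameter.

Added example, not DoorGets CMS code. Assumes the application knows its
own host and receives the parameter percent-encoded, as in the report.
"""
from urllib.parse import unquote, urlsplit

DEFAULT_TARGET = "/dg-user/"  # constructed fallback landing path


def safe_redirect_target(back: str, own_host: str, default: str = DEFAULT_TARGET) -> str:
    """Return a redirect target that stays on own_host, else the default.

    Rejects anything that would leave the site: absolute URLs to other hosts,
    scheme-relative URLs (//evil.com, ///evil.com), non-web schemes
    (javascript:, data:), host-less absolute URLs (http:///evil.com) and
    backslash variants that browsers normalise to forward slashes.
    """
    if not back:
        return default
    # The value arrives percent-encoded (back=http%3A%2F%2F...); decode once
    # and drop surrounding whitespace, which browsers ignore when parsing.
    candidate = unquote(back).strip()
    # Control characters (CR/LF, tabs) can split headers or be silently
    # stripped by browsers; never forward a value containing them.
    if any(ord(c) < 0x20 or c == "\x7f" for c in candidate):
        return default
    # Browsers treat backslashes as slashes in the authority section, so
    # normalise before parsing and "/\evil.com" is seen as a host, not a path.
    normalised = candidate.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. malformed IPv6 brackets
        return default

    if parts.scheme:
        # Absolute URL: only http(s), must carry a host, and that host must be ours.
        if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
            return default
        if parts.hostname is None or parts.hostname.lower() != own_host.lower():
            return default
        path = parts.path or "/"
    else:
        # No scheme: must be a site-relative path, never protocol-relative.
        if normalised.startswith("//") or parts.netloc:
            return default
        path = parts.path
        if not path.startswith("/"):
            return default

    # Rebuild as a relative URL so scheme and host can never come from input.
    target = path
    if parts.query:
        target += "?" + parts.query
    return target


def report_cases() -> dict:
    """Run the values from the issue (and a few common variants) through the check."""
    host = "127.0.0.1"
    return {
        "exploitlab": safe_redirect_target("http%3A%2F%2Fexploitlab.ex%2F", host),
        "evil": safe_redirect_target("http%3a%2f%2fevil.com%2f", host),
        "protocol_relative": safe_redirect_target("%2F%2Fevil.com%2F", host),
        "backslash": safe_redirect_target("/%5Cevil.com", host),
        "userinfo": safe_redirect_target("http://127.0.0.1@evil.com/", host),
        "same_host": safe_redirect_target("http://127.0.0.1/dg-user/?controller=home", host),
        "relative": safe_redirect_target("/dg-user/?controller=home", host),
    }


if __name__ == "__main__":
    for name, target in report_cases().items():
        print(f"{name:18} -> {target}")
```

Both reproduction values from the report resolve to the fixed landing page, while a same-host URL is rewritten to its path and query so the response `Location` header can never carry an attacker-chosen host.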
