| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| Exploit for Open Redirect in Revive-Adserver Revive_Adserver | 22 Jul 202321:49 | – | githubexploit | |
| CVE-2021-22873 | 27 Apr 202309:58 | – | circl | |
| Revive Adserver 输入验证错误漏洞 | 24 Jan 202100:00 | – | cnnvd | |
| Revive Adserver Input Validation Error Vulnerability (CNVD-2021-23389) | 1 Feb 202100:00 | – | cnvd | |
| CVE-2021-22873 | 21 Jan 202119:14 | – | cve | |
| CVE-2021-22873 | 21 Jan 202119:14 | – | cvelist | |
| Revive Adserver: Open redirect in ck.php and lg.php | 19 Jan 202112:51 | – | hackerone | |
| CVE-2021-22873 | 26 Jan 202118:16 | – | nvd | |
| Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect | 24 Jan 202100:00 | – | packetstorm | |
| Open redirect | 26 Jan 202118:16 | – | prion |
id: CVE-2021-22873
info:
name: Revive Adserver <5.1.0 - Open Redirect
author: pudsec
severity: medium
description: Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
impact: |
Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks.
remediation: |
Upgrade Revive Adserver to version 5.1.0 or later to mitigate this vulnerability.
reference:
- https://hackerone.com/reports/1081406
- https://github.com/revive-adserver/revive-adserver/issues/1068
- http://seclists.org/fulldisclosure/2021/Jan/60
- https://nvd.nist.gov/vuln/detail/CVE-2021-22873
- http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-22873
cwe-id: CWE-601
epss-score: 0.66141
epss-percentile: 0.99182
cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 6
vendor: revive-adserver
product: revive_adserver
shodan-query:
- http.favicon.hash:106844876
- http.title:"revive adserver"
fofa-query:
- icon_hash=106844876
- title="revive adserver"
google-query: intitle:"revive adserver"
tags: cve2021,cve,hackerone,seclists,packetstorm,redirect,revive,revive-adserver,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/ads/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/openx/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/revive/www/delivery/lg.php?dest=http://interact.sh"
- "{{BaseURL}}/www/delivery/lg.php?dest=http://interact.sh"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# digest: 4b0a004830460221009e8ff3e7e58e0deeefe0b062a232ea0b9d335399c077cb7ef81027becac1b2e4022100a51fc6d2899600b013101482964b2ad5712b11ec4a897dce0d854122f9d890e8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation