Lucene search
MaXePACKETSTORM:143229HistoryJul 02, 2017 - 12:00 a.m.
DoorGets CMS 7.0 Open Redirect
2017-07-0200:00:00
MaXe
packetstormsecurity.com
20
0.003 Low
EPSS
Percentile
64.2%
`# Title: Open Redirect DoorGets CMS
# Version: 7.0
# vendor: https://github.com/doorgets/doorGets/
# Tested on: Windows 64-bit
# Author: Rudra Sarkar (@rudr4_sarkar)
# CVE: 2016-3726
1. Affected Param back=
2. Full URL
http://127.0.0.1/dg-user/?controller=authentification&back=http%3A%2F%2Fexploitlab.ex%2F
3. Go to login page you will get this type of URL
4. Now time for Redirect
5. Change the back= parm URL
http://exploitlab.ex/dg-user/?controller=authentification&back=http%3a%2f%2fevil.com%2f
6. Evil URL Like http://evil.com/ i encode the special charecter.
7. Now enter the URL in browser and press enter you will see login page.
8. Now Login using your email password
9. You will redirected to http://evil.com
# Timeline
18-06-17: Reported to the vendor
28-06-17: No reply from vendor
01-07-17: Assigned CVE-2016-3726
`
Related
prion
prion
Open redirect
2016-05-17 14:08:00
ubuntucve
ubuntucve
CVE-2016-3726
2016-05-17 00:00:00
redhatcve
redhatcve
CVE-2016-3726
2016-05-12 08:48:38
veracode
veracode
Open Redirect
2019-05-02 05:34:34
cve
cve
CVE-2016-3726
2016-05-17 14:08:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (e387834a-17ef-11e6-9947-7054d2909b71)
2016-05-12 00:00:00
Fedora 23 : jenkins (2016-9ba53cf8a2)
2016-07-14 00:00:00
Fedora 22 : jenkins (2016-f7e7a6067d)
2016-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: jenkins-1.651.2-1.fc24
2016-05-21 20:52:11
[SECURITY] Fedora 23 Update: jenkins-1.625.3-4.fc23
2016-05-26 21:54:36
[SECURITY] Fedora 22 Update: jenkins-1.609.3-7.fc22
2016-05-26 22:20:29
openvas
openvas
Fedora Update for jenkins FEDORA-2016-9ba53cf8a2
2016-06-08 00:00:00
Jenkins Multiple Vulnerabilities - May16 (Linux)
2016-05-20 00:00:00
Jenkins Multiple Vulnerabilities - May16 (Windows)
2016-05-20 00:00:00
redhat
redhat
freebsd
freebsd
jenkins -- multiple vulnerabilities
2016-05-11 00:00:00