Lucene search
Piyush PatilPACKETSTORM:162911HistoryJun 02, 2021 - 12:00 a.m.
Products.PluggableAuthService 2.6.0 Open Redirect
2021-06-0200:00:00
Piyush Patil
packetstormsecurity.com
114
`# Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect
# Exploit Author: Piyush Patil
# Affected Component: Pluggable Zope authentication/authorization framework
# Component Link: https://pypi.org/project/Products.PluggableAuthService/
# Version: < 2.6.1
# CVE: CVE-2021-21337
# Reference: https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr
--------------------------Proof of Concept-----------------------
1- Goto https://localhost/login
2- Turn on intercept and click on the login
3- Change "came_from" parameter value to https://attacker.com
4- User will be redirected to an attacker-controlled website.
Fix: pip install "Products.PluggableAuthService>=2.6.1"
`
Related
cve
cve
CVE-2021-21337
2021-03-08 21:15:00
osv
osv
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
2021-03-08 21:06:23
PYSEC-2021-45
2021-03-08 21:15:00
CVE-2021-21337
2021-03-08 21:15:16
github
github
veracode
veracode
Open Redirection
2021-03-10 06:51:14
prion
prion
Open redirect
2021-03-08 21:15:00
zdt
zdt
Products.PluggableAuthService 2.6.0 - Open Redirect Vulnerability
2021-06-02 00:00:00
exploitdb
exploitdb
Products.PluggableAuthService 2.6.0 - Open Redirect
2021-06-02 00:00:00
Related for PACKETSTORM:162911