24 matches found
CVE-2024-42353
WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the...
WebOb's location header normalization during redirect leads to open redirect
Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. urlparse however treats a // at the start of a string as a URI without a scheme, and th...
PT-2024-6608
Name of the Vulnerable Software and Affected Versions: WebOb versions prior to 1.8.8 Description: The issue is related to the handling of HTTP Location headers in WebOb, where the urlparse and urljoin functions can be exploited to redirect users to arbitrary URLs. This occurs when the urlparse...
ZeusCart 4 信息泄漏漏洞
No description provided by source. !/usr/bin/env python coding: utf-8 from urlparse import urljoin from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '11111 ' vul ID version = '1' author = 'Disorder' vulDate =...