New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Advisory from Netsparker - GetSimpleCMS - Open Redirection #1300
Comments
|
Just disclose here |
|
Hello Shawn, Thank you for getting back to us. This vulnerability was identified by Mithat Gogebaka. The details are below, once you start working on a fix, please keep us posted on the status of the fix. We would also appreciate if you can mention us and link to our website (https://www.netsparker.com) in your release announcement content. Open Redirection vulnerability Technical details: URL : http://localhost/GetSimpleCMS-3.3.13/admin/index.php?redirect=http://r87.com/?localhost/ Should there be anything else we can help you with, please do not hesitate to ask. |
|
purposeredirect after login success to original destination bugaccepts arbitrary string from query sanitize
Mitigation / Workaround
if (isset($_GET['redirect'])){
// $cookie_redirect = $_GET['redirect']; // REMOVE
$cookie_redirect = 'pages.php';
} else {
$cookie_redirect = 'pages.php';
} |
|
Possible additional vector, although severity is low as it requires a nonce changedata.php No idea what this is for, it comes from js |
|
@tablatronix What is the status of the fix? |
|
MITRE assigned CVE-2019-9915 for this vulnerability. |
|
Mitigated |
Hello,
While testing the Netsparker web application security scanner we identified a Open Redirection vulnerability in GetSimpleCMS. Can you please advise whom shall we contact to disclose the vulnerability details so it can be fixed?
Please email me at daniel@netsparker.com for the technical details.
Looking forward to hearing from you.
Regards,
Daniel Bishtawi
Marketing Administrator | Netsparker Web Application Security Scanner
The text was updated successfully, but these errors were encountered: