Z-BlogPHP 1.5.2 has an Open Redirect via the zb_system/cmd.php redirect parameter.
Open Redirection vulnerability. Technical details:
URL : http://localhost/zblog/zb_system/cmd.php?atc=login&redirect=http://www.baidu.com
Code (the `login` branch of zb_system/cmd.php):

```php
case 'login':
    // Logged-in user with a redirect parameter: the attacker-supplied URL is passed to Redirect() unchecked.
    if (!empty($zbp->user->ID) && GetVars('redirect', 'GET')) {
        Redirect(GetVars('redirect', 'GET'));
    }
    if ($zbp->CheckRights('admin')) {
        Redirect('cmd.php?act=admin');
    }
    // Anonymous user: the same unchecked value is stored in a cookie.
    if (empty($zbp->user->ID) && GetVars('redirect', 'GET')) {
        setcookie("redirect", GetVars('redirect', 'GET'), 0, $zbp->cookiespath);
    }
    Redirect('login.php');
    break;
```
Note: the user must be logged in before the redirect fires, so this vulnerability is mainly useful for phishing attacks.
Parameter Name : redirect
Parameter Type : GET
Attack Pattern : http://www.baidu.com
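The fix a maintainer would want here is to validate the `redirect` value before handing it to Redirect(). The following is an added example, not Z-BlogPHP's own code: it accepts only a site-relative path or an http(s) URL whose host:port equals the configured site host, and otherwise falls back to the admin page. The names safeRedirectTarget() and SITE_HOST are assumptions for this example, as is the list of constructed test values.

```php
<?php
// Added example (not Z-BlogPHP code): only allow the `redirect` value to be
// a path on this site or an absolute http(s) URL whose host:port matches the
// configured site host; anything else falls back to the admin page.
// safeRedirectTarget() and SITE_HOST are names assumed for this example.
const SITE_HOST = 'localhost';

function safeRedirectTarget(string $candidate, string $expectedHost, string $fallback = 'cmd.php?act=admin'): string
{
    $candidate = trim($candidate);
    // Empty, or containing control characters / whitespace: reject (header injection risk).
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f]/', $candidate)) {
        return $fallback;
    }
    // Browsers treat "/\evil.example" like "//evil.example"; refuse backslashes outright.
    if (strpos($candidate, '\\') !== false) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    // Only http/https may carry a scheme; this also blocks javascript:, data:, etc.
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (isset($parts['host'])) {
        // Absolute ("http://...") or scheme-relative ("//...") URL: no userinfo allowed
        // ("http://localhost@evil.example"), and host:port must equal the configured host.
        if (isset($parts['user']) || isset($parts['pass'])) {
            return $fallback;
        }
        $hostPort = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
        return strcasecmp($hostPort, $expectedHost) === 0 ? $candidate : $fallback;
    }
    // A scheme without a host ("http:evil.example") is ambiguous: reject it.
    if (isset($parts['scheme'])) {
        return $fallback;
    }
    // Plain path and/or query string relative to this site.
    return $candidate;
}

// Constructed inputs showing what the check accepts and what it rejects.
foreach (['cmd.php?act=admin', '/zblog/zb_system/admin/', 'http://localhost/zblog/',
          'http://www.baidu.com', '//www.baidu.com', '/\\www.baidu.com',
          'http://localhost@www.baidu.com', 'javascript:alert(1)'] as $value) {
    printf("%-32s -> %s\n", $value, safeRedirectTarget($value, SITE_HOST));
}
```

In the vulnerable branch above, `Redirect(GetVars('redirect', 'GET'))` would become `Redirect(safeRedirectTarget(GetVars('redirect', 'GET'), SITE_HOST))`, and the same check belongs in front of the setcookie() call.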
(auth:1521106949@qq.com)
Should there be anything else we can help you with, please do not hesitate to ask.