Z-BlogPHP 1.5.2 Open redirect vulnerability #216

Closed
github123abc123 opened this issue Apr 4, 2019 · 2 comments
Comments

github123abc123 commented Apr 4, 2019

Z-BlogPHP 1.5.2 has an Open Redirect via the zb_system/cmd.php redirect parameter.
Open redirection vulnerability, technical details:
URL: http://localhost/zblog/zb_system/cmd.php?act=login&redirect=http://www.baidu.com
Code:
```php
case 'login':
    // Logged-in user with a redirect parameter: the raw GET value is passed
    // straight to Redirect() with no check that it points back into the site.
    if (!empty($zbp->user->ID) && GetVars('redirect', 'GET')) {
        Redirect(GetVars('redirect', 'GET'));
    }
    if ($zbp->CheckRights('admin')) {
        Redirect('cmd.php?act=admin');
    }
    // Not logged in yet: the redirect target is stored in a cookie for after login.
    if (empty($zbp->user->ID) && GetVars('redirect', 'GET')) {
        setcookie("redirect", GetVars('redirect', 'GET'), 0, $zbp->cookiespath);
    }
    Redirect('login.php');
    break;
```

First: you need to be logged in, then the vulnerability can be triggered. So we use the vulnerability for phishing attacks.
Parameter name: redirect
Parameter type: GET
Attack pattern: http://www.baidu.com

(author: 1521106949@qq.com)

Should there be anything else we can help you with, please do not hesitate to ask.
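The pattern reported above is a user-supplied `redirect` value handed directly to `Redirect()`. The following is an added example, not Z-BlogPHP code and not from the reporter: it shows the check that belongs in front of such a call, written in Python so the validation logic can be exercised on its own. The `APP_PATH` prefix, the `FALLBACK` target, and the function names are assumptions for illustration; the PHP code on the page would need the same logic wrapped around `Redirect()`.

```python
"""Added example (not Z-BlogPHP code): constraining a post-login redirect target.

Only an absolute path inside the application is accepted; anything with a
scheme, a network location, a backslash trick or a parent-directory segment
is replaced by a fixed fallback. APP_PATH and FALLBACK are assumed values.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed install prefix (mirrors the /zblog/ path in the PoC URL) and a safe default.
APP_PATH = "/zblog/"
FALLBACK = APP_PATH + "zb_system/cmd.php?act=admin"


def safe_redirect_target(value: Optional[str],
                         app_path: str = APP_PATH,
                         fallback: str = FALLBACK) -> str:
    """Return `value` if it is a same-site path under `app_path`, else `fallback`."""
    if not value:
        return fallback
    # Browsers treat "\" like "/" in URLs, so "/\evil.example" becomes "//evil.example";
    # normalise before parsing so that case is caught by the netloc check below.
    cleaned = value.replace("\\", "/")
    # Control characters and spaces have no place in a redirect target (header
    # injection, scheme smuggling); refuse rather than try to sanitise.
    if any(ord(c) < 0x20 or c == " " for c in cleaned):
        return fallback
    parts = urlsplit(cleaned)
    # Any scheme (http:, javascript:, data:) or host part (//evil.example) is off-site.
    if parts.scheme or parts.netloc:
        return fallback
    path = parts.path
    # Require an absolute path: a relative one resolves against the current page.
    if not path.startswith("/"):
        return fallback
    # Reject "." and ".." segments so the prefix check cannot be escaped.
    if "/../" in path + "/" or "/./" in path + "/":
        return fallback
    if not path.startswith(app_path):
        return fallback
    # Rebuild without scheme, host or fragment: a clean same-site target.
    return urlunsplit(("", "", path, parts.query, ""))


def login_redirect(logged_in: bool, redirect_param: Optional[str]) -> str:
    """Hypothetical hardened version of the page's 'login' case.

    A logged-in user with a redirect parameter is sent on, but only to a
    validated target; everyone else goes to login.php as in the original.
    """
    if logged_in and redirect_param:
        return safe_redirect_target(redirect_param)
    return "login.php"


if __name__ == "__main__":
    # The PoC value from the report is turned into the fallback instead of an off-site hop.
    print(login_redirect(True, "http://www.baidu.com"))
    print(login_redirect(True, "/zblog/zb_system/cmd.php?act=admin"))
```

The cookie branch in the original needs the same treatment: validate before `setcookie()` as well as before the later `Redirect()`, since the stored value is replayed after login without further checks.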

zsxsoft (Contributor) commented Apr 4, 2019

Duplicated with #209
0071602

zsxsoft (Contributor) commented Apr 4, 2019

Also, I beg you, please just write in Chinese. You people farming CVEs either run it through Baidu Translate or write English that nobody can understand.
