Snowfox CMS version 1.0 suffers from an open redirection vulnerability.
30be02c518b17b6f7eea2722ad431efc1006f27b4352c635aa289b2c3cb86fa6
Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability
Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0
Summary: Snowfox is an open source Content Management System (CMS)
that allows your website users to create and share content based
on permission configurations.
Desc: Input passed via the 'rd' GET parameter in 'selectlanguage.class.php'
script is not properly verified before being used to redirect users. This
can be exploited to redirect a user to an arbitrary website e.g. when a user
clicks a specially crafted link to the affected script hosted on a trusted
domain.
===========================================================================
\modules\system\controller\selectlanguage.class.php:
----------------------------------------------------
28: if ($results && isset($inputs['rd'])){
29: header("location: ".$inputs['rd']);
30: }
31: return $results;
===========================================================================
Tested on: Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5206
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5206.php
12.11.2014
--
http://10.0.18.3/snowfox/?uri=user/select-language&formAction=submit&rd=http://www.zeroscience.mk&languageId=us-en
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed