exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OrangeForum 1.4.0 Open Redirection

OrangeForum 1.4.0 Open Redirection
Posted Jan 9, 2019
Authored by Omar Kurt | Site netsparker.com

OrangeForum version 1.4.0 suffers from open redirection vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-14474
SHA-256 | 52a54e8dac487a6ef87bc3446a9760fe33265a5c204260d27a24499f6d1144b7

OrangeForum 1.4.0 Open Redirection

Change Mirror Download
Open Redirection Vulnerabilities in OrangeForum 1.4.0

Information
--------------------

Advisory by Netsparker
Name: Open Redirection Vulnerabilities in OrangeForum 1.4.0
Affected Software: OrangeForum
Affected Versions: 1.4.0
Homepage: https://github.com/s-gv/orangeforum
Vulnerability: Open Redirection
Severity: Medium
Status: Fixed
CVE-ID: CVE-2018-14474
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (6.5)
Netsparker Advisory Reference: NS-18-044

Technical Details
--------------------

URL http://app.scan:9123/login?next=http://r87.com/?app.scan/
Parameter Name next
Parameter Type GET
Attack Pattern http://r87.com/?app.scan/

URL http://app.scan:9123/signup?next=http://r87.com/?app.scan/
Parameter Name next
Parameter Type GET
Attack Pattern http://r87.com/?app.scan/

Advisory Timeline
--------------------

15th January 2018- First Contact
26th June 2018 - Vendor Fixed
9th January 2019 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close