Plexus anblick Digital Signage Management version 3.1.13 suffers from an open redirection vulnerability.
bf562e917daa9ca1fb1729d7d32370f054248530dd6bb75e11172adada8c0c4a
Plexus anblick Digital Signage Management 3.1.13 (pagina param) Open Redirect
Vendor: Plexus
Product web page: https://www.plexus.es
https://www.plexus.es/wp-content/uploads/2020/06/PLEXUS_ANBLICK.pdf
Affected version: 3.1.13
Summary: Advanced multiplatform digital signage solution. Reproduction of
multimedia content in a visual and impressive way. Adaptable to any use and
to various types of screen or display.
Desc: Input passed via the 'pagina' GET parameter in 'PantallaLogin' script
is not properly verified before being used to redirect users. This can be
exploited to redirect a user to an arbitrary website e.g. when a user clicks
a specially crafted link to the affected script hosted on a trusted domain.
Tested on: Apache Tomcat/6.0.20
Apache-Coyote/1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2020-5573
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5573.php
13.06.2020
--
PoC:
http://192.168.2.51:8080/ANBLICK/PantallaLogin?idioma=EN&pagina=https://www.zeroscience.mk
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed