Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22873 PoC — Revive Adserver 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22873.yaml
Associated Vulnerability
Title:Revive Adserver 输入验证错误漏洞 (CVE-2021-22873)
Description:Revive Adserver是Revive Adserver团队的一套开源的广告管理系统。该系统提供广告投放、广告位管理、数据统计等功能。 Revive Adserver 5.1.0 之前版本存在输入验证错误漏洞,该漏洞源于第三方点击跟踪的重定向不可选择。
Description
Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
File Snapshot

 id: CVE-2021-22873

info:
  name: Revive Adserver <5.1.0 - Open Redirect
  author: pudsec
  severity

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.