CVE-2011-5252 PoC — Orchard ‘ReturnUrl’参数URI重定向漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2011/CVE-2011-5252.yaml

Associated Vulnerability

Title:Orchard ‘ReturnUrl’参数URI重定向漏洞 (CVE-2011-5252)
Description:Orchard 1.0.21之前的1.0.x版本，1.1.31之前的1.1.x版本，1.2.42之前的1.2.x版本，1.3.10之前的1.3.x版本中的Users/Account/LogOff中存在开放重定向漏洞。通过ReturnUrl参数中的URL，远程攻击者利用该漏洞重定向用户到任意网站进行钓鱼攻击。

Description

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

File Snapshot


 id: CVE-2011-5252

info:
  name: Orchard 'ReturnUrl' Parameter URI - Open Redirect
  author: ctflear

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!