Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-21641 PoC — Flarum 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-21641.yaml
Associated Vulnerability
Title:Flarum 输入验证错误漏洞 (CVE-2024-21641)
Description:Flarum是Flarum社区的一套开源的论坛系统。 Flarum 1.8.5 之前版本存在输入验证错误漏洞,该漏洞源于 logout路由包含一个重定向参数,允许任何第三方将用户从受信任域重定向到任何链接。
Description
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation.
File Snapshot

 id: CVE-2024-21641

info:
  name: Flarum < 1.8.5 - Open Redirect
  author: kking
  severity: medium


...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.