CVE-2015-7823 PoC — Kentico CMS 开放重定向漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-7823.yaml

Associated Vulnerability

Title:Kentico CMS 开放重定向漏洞 (CVE-2015-7823)
Description:Kentico CMS是美国Kentico软件公司的一套基于ASP.NET的内容管理系统（CMS）。该系统主要由两大工具组成：Kentico CMS Desk是用于编辑网页中的内容；Kentico CMS Controls是用于编辑和控制网页中各种元素。 Kentico CMS 8.2版本至8.2.41版本的CMSPages/GetDocLink.ashx文件中存在开放重定向漏洞。远程攻击者可借助‘link’参数中的URL利用该漏洞将用户重定向到任意Web站点，实施钓鱼攻击。

Description

Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

File Snapshot


 id: CVE-2015-7823

info:
  name: Kentico CMS 8.2 - Open Redirect
  author: 0x_Akoko
  severity: medi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!