Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-33405 PoC — BlogEngine 输入验证错误漏洞

Source
https://github.com/hacip/CVE-2023-33405
Associated Vulnerability
Title:BlogEngine 输入验证错误漏洞 (CVE-2023-33405)
Description:BlogEngine是一套开源的ASP.NET博客系统。该系统支持Ajax评论、自定义主题等。 BlogEngine 3.3.8.0及之前版本存在安全漏洞,该漏洞源于容易受到开放重定向的影响。
Readme
# CVE-2023-33405

Open Redirection vulnerability identified on BlogEngine.NET CMS (version 3.3.8.0 and earlier) 

If a GET request to default.aspx page contains "years=" within the URL, the application calls a function named "Redirect". 

![1](https://github.com/hacip/CVE-2023-33405/assets/10704979/f5e2306e-dfa8-4754-bd69-aadbe2e63b01)

This function sets several parameters including year, month, date, page and rewrite. Though the date parameter was parsed using the DateTime object, month and year parameters are not getting validated and are being used to construct the rewrite parameter.

![2](https://github.com/hacip/CVE-2023-33405/assets/10704979/f6b0d4c9-3d6d-40d7-9a93-4b2f061b5796)


![3](https://github.com/hacip/CVE-2023-33405/assets/10704979/03ea578d-c1f5-4db7-9754-c09bdb0d0323)



Furthermore, the write and page parameters are getting appended and are being used to redirect the user using HTTP headers.

![4](https://github.com/hacip/CVE-2023-33405/assets/10704979/4c5303a4-e696-403c-ae53-ffd07d3b2ba6)



Since, they were not sanitized, encoded or validated, an attacker can leverage this flaw to redirect the users to an attacker controlled-URL.

![5](https://github.com/hacip/CVE-2023-33405/assets/10704979/141c7fd3-82b5-4c07-af0d-a72de87db977)
File Snapshot

 [4.0K]  /data/pocs/5e02cda257829aaeb2fdf3abc579c56e4d051a9c
└── [1.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.