Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-22432 PoC — web2py 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-22432.yaml
Associated Vulnerability
Title:web2py 输入验证错误漏洞 (CVE-2023-22432)
Description:web2py是web2py开源的一个免费和开源的全栈企业框架。用于敏捷开发安全的数据库驱动的基于 Web 的应用程序。 web2py 2.23.1之前版本存在安全漏洞,该漏洞源于存在开放重定向漏洞,攻击者利用该漏洞可以通过让用户访问特制的URL重定向到任意网站。
Description
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.
File Snapshot

 id: CVE-2023-22432

info:
  name: Web2py URL - Open Redirect
  author: DhiyaneshDK
  severity: mediu

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.