CVE-2021-32618 PoC — flask-security input validation error vulnerability

Source
Associated Vulnerability
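Title: flask-security input validation error vulnerability (CVE-2021-32618)
Description: flask-security is an application that quickly adds security features to Flask applications. Flask-Security-Too has an input validation error vulnerability: an attacker can use a legitimate site to send such links to unsuspecting users, who are then redirected to any site the attacker wants.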
Description
Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
File Snapshot

id: CVE-2021-32618 info: name: Python Flask-Security - Open Redirect author: 0x_Akoko severit ...