Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-45328 PoC — Gitea 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45328.yaml
Associated Vulnerability
Title:Gitea 输入验证错误漏洞 (CVE-2021-45328)
Description:Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea 中存在输入验证错误漏洞,该漏洞源于产品未能判断请求来源于可信用户。攻击者可通过该漏洞向服务端发送非预期的请求。以下产品及版本受到影响:Gitea 1.4.3 之前版本。
Description
Gitea before version 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. The vulnerability exists in the redirect_to parameter used on the login page (/user/login). Due to improper validation of the redirect URL, an attacker can craft a malicious link that redirects authenticated users to an arbitrary external website after login.
File Snapshot

 id: CVE-2021-45328

info:
  name: Gitea < 1.4.3 - Open Redirect
  author: ritikchaddha
  severity: m

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.