CVE-2015-2863 PoC — Kaseya Virtual System Administrator 输入验证漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-2863.yaml

Associated Vulnerability

Title:Kaseya Virtual System Administrator 输入验证漏洞 (CVE-2015-2863)
Description:Kaseya Virtual System Administrator（VSA）是瑞士卡西亚（Kaseya）公司的一套用于简化和自动化IT服务的IT系统管理平台。 Kaseya VSA中存在开放重定向漏洞。远程攻击者可利用该漏洞将用户重定向到任意Web站点，实施钓鱼攻击。以下版本受到影响：Kaseya VSA 7.0.0.29之前7.x版本，8.0.0.18之前8.x版本，9.0.0.14之前9.0版本，9.1.0.4之前9.1版本。

Description

Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

File Snapshot


 id: CVE-2015-2863

info:
  name: Kaseya Virtual System Administrator - Open Redirect
  author: 0x_Ak

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!