Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-49438 PoC — Flask Middleware Flask-security 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-49438.yaml
Associated Vulnerability
Title:Flask Middleware Flask-security 安全漏洞 (CVE-2023-49438)
Description:Flask Middleware Flask-security是Flask Middleware组织的一个基于Python的可为Flask应用提供安全功能的代码库。 Flask Middleware Flask-security Flask-Security-Too 5.3.2及之前版本存在安全漏洞,该漏洞源于允许攻击者通过滥用 /login 和 /register 上的 next 参数,将用户重定向到恶意站点。
Description
An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks ([NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-49438)).
File Snapshot

 id: CVE-2023-49438

info:
  name: Python Flask-Security-Too <=5.3.2 - Open Redirect
  author: ritikc

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.