Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-10368 PoC — Opsview Monitor Pro 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-10368.yaml
Associated Vulnerability
Title:Opsview Monitor Pro 安全漏洞 (CVE-2016-10368)
Description:Opsview Monitor Pro是英国Opsview公司的一套企业级的网络、服务器和应用程序监控工具。该工具可与Nagios Core、RRDTool等监控系统集成使用。 Opsview Monitor Pro中存在开放重定向漏洞。远程攻击者可通过向/login URI发送‘back’参数利用该漏洞将用户重定向到任意的Web站点,实施钓鱼攻击。以下版本受到影响:Opsview Monitor Pro 5.1.0.162300841之前的版本,5.0.2.27475之前的版本,4.6.4.162391
Description
Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.
File Snapshot

 id: CVE-2016-10368

info:
  name: Opsview Monitor Pro - Open Redirect
  author: 0x_Akoko
  severity:

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.