Thursday, 10 September 2015

Web2py 2.9.11 Open Redirection Vulnerability, CVE-2015-6961

Web2py Open Redirection Vulnerability Technical Details & POC.

# Vulnerability Title : Web2py 2.9.11 Open Redirection Vulnerability
# Reported Date       : 27-Jan-2014
# Fixed Date          : 2-July-2015
# Author              : Narendra Bhati
# CVE ID              : CVE-2015-6961
# Additional Links    :

1. Description

Web2py 2.9.11, a Python based web framework, was vulnerable to an Open Redirection Vulnerability.

The logout page "" is vulnerable to Open Redirection.

We can enter any external URL in the "_next" GET parameter. Whenever a user accesses this URL he will be redirected to the external site (the attacker's site). Authentication is not required to exploit this.

This can be exploited only if we have admin panel credentials.

Vulnerable URL

Vulnerable Parameter: _next
2. Proof of Concept

Solution For Web2py Open Redirection Vulnerability

Update to the latest version of Web2py (the fix was released on 2-July-2015, see the dates above) ;)

Until you can upgrade, do not pass the raw "_next" value to the redirect: accept only a relative path on your own site, and treat anything carrying a scheme or a host (including "//host" and "/\host" forms, which browsers resolve to another origin) as untrusted and fall back to a fixed landing page.
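The following is an added example, not code from the original post or from the Web2py project, illustrating the flawed pattern described above (the "_next" value used verbatim as the redirect target) next to a hardened version of the same check. The default landing page "/admin/default/index", the allowed host "127.0.0.1:8000" and every sample "_next" value are assumptions constructed for the demo; the advisory gives none of them. It runs with the standard library only.

```python
import re
from urllib.parse import urlsplit

# Assumed values for the demo (not from the advisory).
DEFAULT_TARGET = "/admin/default/index"
ALLOWED_HOSTS = ("127.0.0.1:8000",)

# Constructed sample values an attacker might put in ?_next=
SAMPLE_NEXT_VALUES = [
    "/admin/default/site",                       # legitimate relative path
    "http://127.0.0.1:8000/admin/default/site",  # absolute, but our own host
    "http://attacker.example/",                  # plain external redirect
    "//attacker.example/",                       # protocol-relative
    "/\\attacker.example/",                      # browsers treat '\' as '/'
    "///attacker.example/",                      # extra slashes collapse to //
    "javascript:alert(1)",                       # non-http scheme
    " http://attacker.example/",                 # leading space is ignored by browsers
    "http://127.0.0.1:8000@attacker.example/",   # allowed host as userinfo
    "",                                          # missing parameter
]

# Bytes 0x00-0x20 that browsers strip from the ends of a URL.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def vulnerable_next(next_param, default=DEFAULT_TARGET):
    """The flawed pattern: whatever arrives in _next becomes the Location header."""
    return next_param or default


def _normalise(value):
    """Apply the same leniencies a browser applies before we inspect the URL."""
    value = value.strip(_C0_AND_SPACE)
    for ch in ("\t", "\r", "\n"):        # removed anywhere in the URL by browsers
        value = value.replace(ch, "")
    return value.replace("\\", "/")      # backslash is a path separator in http URLs


def safe_next(next_param, default=DEFAULT_TARGET, allowed_hosts=ALLOWED_HOSTS):
    """Return next_param only if it stays on our own site, else the default."""
    if not next_param:
        return default
    value = _normalise(next_param)
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to one of our own hosts is acceptable.
        # netloc includes any userinfo, so "host@attacker" does not match.
        if parts.scheme in ("http", "https") and parts.netloc.lower() in allowed_hosts:
            return value
        return default
    # Relative target: must be a single-slash path, never "//host".
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


def compare(values=SAMPLE_NEXT_VALUES):
    """Show where the vulnerable and hardened checks disagree."""
    return [(v, vulnerable_next(v), safe_next(v)) for v in values]


if __name__ == "__main__":
    for value, vuln, safe in compare():
        flag = "REDIRECT BLOCKED" if vuln != safe else "same"
        print(f"{value!r:45} vulnerable -> {vuln!r:45} safe -> {safe!r}  {flag}")
```

The check deliberately normalises the value the way a browser would (trimming C0 controls and spaces, dropping tab and newline, treating backslash as slash) before parsing it; validating the raw string with a regex that only looks for "http://" misses every one of the bypass forms in the sample list.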
