CVE-2024–27592 Open Redirect vulnerability

Nicat Abbasov
3 min readApr 5, 2024

--

This bug was found in Corezoid Process Engine v6.5.0 and was fixed in 6.5.3.

An open redirect vulnerability was found in the login page of the application. Using this vulnerability, hackers can steal credentials by redirecting users to malicious sites or their own sites. Or you can directly redirect to any path within the application and perform actions such as deleting or changing it.

Proof Of Concept

First, we go to the login page and see the url like this.

I decided to change it to another site or IP.

Finally, when the user login correctly, it redirects us to the site we specified.

Attack Scenario

I can show a scenario of how users’ information is stolen. As we know, making a login page for corezoid is very easy. After logging in, the user will not understand what happened and will re-login to our site. I created a site and just changed the name Corezoid Fake login page.

We send a url like this to the victim.

Victim redirect to Fake corezoid site, this working in my localhost.

Victim if login in here, we can steal he’s log information

Impact

By sending links (URLs) to the victim, they can steal their credentials and perform phishing attacks.

References

  1. https://github.com/corezoid/helm/issues/110
  2. https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
  3. https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect

Recommendation

1. Whitelisting : Implement a whitelist of allowed URLs or domains to restrict the destinations that the application can redirect to. This helps prevent attackers from redirecting users to malicious sites.

2. Input validation: Ensure that all user input is properly validated and sanitized to prevent malicious code from being executed.

3. Avoid Dynamic Redirects: Minimize the use of dynamic or user-controlled input in the redirection process. If possible, use static and predetermined URLs to which the application can safely redirect.

4.Content Security Policy (CSP): Implement a CSP to restrict the types of resources that can be executed in a web page.

--

--