CVE-2021-39425
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability.
Discovered by: Shifa Cyclewala from Hacktify Cyber Security.
What is Open Redirect?
Open Redirect is a web security vulnerability that occurs when an application redirects users to an externally supplied URL without proper validation or sanitization. By exploiting this vulnerability, an attacker can manipulate the redirection so that users who follow a link to the trusted application end up on a malicious website or phishing page, or are led into other malicious actions.
Bug Description:
To exploit the vulnerability, an attacker can send a specially crafted request with the following content in the request body, which redirects to an attacker-controlled domain name: (@evil.com">referuri=@evil.com&login=admin&pwd=admin&lang=en_GB&sesstheme=bootstrap). In this case the application redirects to evil.com, a malicious website.
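The value @evil.com works as a redirect target because of how URL authorities are parsed: anything before an @ in the authority is treated as userinfo, so a Location header of the form https://host@evil.com sends the browser to evil.com. The following Python example is added here to illustrate that and the corresponding fix; it is not SeedDMS code. It assumes a hypothetical application host dms.example.com and a hypothetical redirect builder that prefixes its own origin to the referuri value, and the fallback path "/" is a constructed placeholder.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed application origin (constructed for this example, not SeedDMS configuration)
OWN_SCHEME = "https"
OWN_HOST = "dms.example.com"
FALLBACK_PATH = "/"  # constructed placeholder: where to send the user when referuri is rejected


def build_location_naive(referuri: str) -> str:
    """Hypothetical vulnerable pattern: prefix the app origin and trust the rest of the string.

    With referuri="@evil.com" this yields https://dms.example.com@evil.com, whose
    authority is parsed as userinfo "dms.example.com" and host "evil.com".
    """
    return f"{OWN_SCHEME}://{OWN_HOST}{referuri}"


def final_host(location: str) -> str:
    """Host a standards-following client would actually connect to for this Location value."""
    return urlsplit(location).hostname or ""


def safe_referuri(referuri: str, fallback: str = FALLBACK_PATH) -> str:
    """Accept only a path-only relative reference on this host; otherwise return fallback.

    Rejects absolute URLs (scheme present), scheme-relative URLs (//host), values that
    do not start with a single "/", and any "@" or backslash that could smuggle an
    authority into the final Location header. The fragment is dropped.
    """
    parts = urlsplit(referuri)
    if parts.scheme or parts.netloc:
        return fallback
    if not referuri.startswith("/") or referuri.startswith("//"):
        return fallback
    if "@" in referuri or "\\" in referuri:
        return fallback
    return urlunsplit(("", "", parts.path, parts.query, ""))


def build_location_safe(referuri: str) -> str:
    """Hardened counterpart of build_location_naive: validate before concatenating."""
    return f"{OWN_SCHEME}://{OWN_HOST}{safe_referuri(referuri)}"


if __name__ == "__main__":
    # Constructed inputs: the payload value from the advisory and a legitimate in-app path
    for value in ("@evil.com", "//evil.com/", "https://evil.com/", "/out/out.ViewFolder.php?folderid=1"):
        print(f"{value!r:45} naive -> {final_host(build_location_naive(value)):16} "
              f"safe -> {final_host(build_location_safe(value))}")
```

Running the block shows the naive builder sending @evil.com to evil.com while the validated builder keeps every input on dms.example.com. The key design choice is to parse the candidate value with urlsplit and reject anything carrying a scheme or authority, rather than pattern-matching on a leading "/" alone, which the userinfo trick defeats.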
Steps to Reproduce:
Step 1: Go to this URL https://localhost/out/out.DocumentChooser.php?form=5f41ac8885d5210dfebb22eabf92add0&folderid=118il5
Step 2: Add this payload [ 'accesskey='x'onclick='alert(1)'//kv0x0&partialtree=0 ] at the vulnerable parameter [folderid=]
Step 3: You will see an XSS alert to confirm the presence of the vulnerability.
LinkedIn:
https://www.linkedin.com/in/shifa
Thank you
Shifa Cyclewala from Hacktify Cyber Security.