CVE-2021-39425

Rohit Gautam
Jul 17, 2023


SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability.

Discovered by: Shifa Cyclewala from Hacktify Cyber Security.

Reference:
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect

What is Open Redirect?

Open Redirect is a web security vulnerability that occurs when an application redirects users to external URLs without properly validating or sanitizing the redirect target. By exploiting this vulnerability, an attacker can manipulate the redirection process to trick users into visiting malicious websites or phishing pages, or into performing other unwanted actions.

Bug Description:

To exploit the vulnerability, an attacker can send a specially crafted request with the following content in the request body, which redirects the user to an attacker-controlled domain name (@evil.com”>referuri=@evil.com&login=admin&pwd=admin&lang=en_GB&sesstheme=bootstrap). In this case the application redirects to evil.com, a malicious website.
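As an added example (not SeedDMS code), the following Python allow-list check shows how a login-return parameter such as the `referuri` value quoted above can be validated on the server side: only same-origin paths or same-host http(s) URLs are accepted, so values like `@evil.com`, `//evil.com` or `https://localhost@evil.com` fall back to a default page. The default path, the parameter names and the request body are assumptions constructed for the example, not the project's actual logic.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumed fallback page; SeedDMS's real post-login target is not taken from the page.
DEFAULT_AFTER_LOGIN = "/out/out.ViewFolder.php"


def is_safe_redirect(target: str, allowed_host: str) -> bool:
    """True only if `target` keeps the browser on `allowed_host`."""
    # Control characters allow header injection; backslashes are treated
    # like slashes by browsers, so "/\evil.com" would become "//evil.com".
    if not target or any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: only http(s) on exactly the allowed host. Any userinfo
        # ("https://localhost@evil.com") is refused outright, since the real
        # host is whatever follows the "@".
        return (
            parts.scheme.lower() in ALLOWED_SCHEMES
            and "@" not in parts.netloc
            and parts.hostname == allowed_host.lower()
        )
    if parts.netloc:
        # Scheme-relative "//evil.com/..." inherits https: and leaves the site.
        return False
    # Relative target: require exactly one leading "/" so it is resolved
    # against this origin. "@evil.com" has no leading slash and is rejected.
    return target.startswith("/") and not target.startswith("//")


def parse_login_body(body: str) -> dict:
    """Flatten an application/x-www-form-urlencoded body to single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def resolve_login_redirect(params: dict, allowed_host: str) -> str:
    """Pick the post-login Location: the referuri if safe, else the default."""
    referuri = params.get("referuri", "")
    return referuri if is_safe_redirect(referuri, allowed_host) else DEFAULT_AFTER_LOGIN


# Constructed request body modelled on the one quoted in the write-up.
ATTACK_BODY = "referuri=@evil.com&login=admin&pwd=admin&lang=en_GB&sesstheme=bootstrap"

if __name__ == "__main__":
    params = parse_login_body(ATTACK_BODY)
    print(resolve_login_redirect(params, "localhost"))  # /out/out.ViewFolder.php
```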

Steps to Reproduce:

Step 1: Go to this URL: https://localhost/out/out.DocumentChooser.php?form=5f41ac8885d5210dfebb22eabf92add0&folderid=118il5

Step 2: Add this payload [ 'accesskey='x'onclick='alert(1)'//kv0x0&partialtree=0 ] at the vulnerable parameter [folderid=].

Step 3: You will see an XSS alert confirming the presence of the vulnerability.

LinkedIn:
https://www.linkedin.com/in/shifa

Thank you
Shifa Cyclewala from Hacktify Cyber Security.
