Submit #464029: ruifang-tech Rebuild 3.8.6 Open Redirectinfo

Titleruifang-tech Rebuild 3.8.6 Open Redirect
DescriptionAn open redirect vulnerability exists in the Rebuild 3.8.6 application at the `/user/admin-verify?nexturl=%2Fadmin%2Fsystems` endpoint. The `nexturl` parameter accepts unvalidated input, allowing attackers to redirect users to arbitrary attacker-controlled URLs. This vulnerability can be exploited by tricking any admin user into authenticating, after which they are redirected to a malicious page. Exploitation of this vulnerability could facilitate phishing attacks, credential theft, or other malicious activities by leveraging the trust users place in the legitimate application.
Source⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/OpenRedirect-AdminVerification.md
User
 vastzero (UID 78767)
Submission12/15/2024 04:27 PM (2 months ago)
Moderation12/27/2024 09:45 AM (12 days later)
StatusAccepted
VulDB Entry289383 [ruifang-tech Rebuild 3.8.6 Admin Verification Page /user/admin-verify nexturl redirect]
Points20

Do you want to use VulDB in your project?

Use the official API to access entries easily!