Title | ruifang-tech Rebuild 3.8.6 Open Redirect |
---|
Description | An open redirect vulnerability exists in the Rebuild 3.8.6 application at the `/user/admin-verify?nexturl=%2Fadmin%2Fsystems` endpoint. The `nexturl` parameter accepts unvalidated input, allowing attackers to redirect users to arbitrary attacker-controlled URLs. This vulnerability can be exploited by tricking any admin user into authenticating, after which they are redirected to a malicious page.
Exploitation of this vulnerability could facilitate phishing attacks, credential theft, or other malicious activities by leveraging the trust users place in the legitimate application. |
---|
Source | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/OpenRedirect-AdminVerification.md |
---|
User | vastzero (UID 78767) |
---|
Submission | 12/15/2024 04:27 PM (2 months ago) |
---|
Moderation | 12/27/2024 09:45 AM (12 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 289383 [ruifang-tech Rebuild 3.8.6 Admin Verification Page /user/admin-verify nexturl redirect] |
---|
Points | 20 |
---|