| Title | ruifang-tech Rebuild 3.8.6 Open Redirect |
|---|---|
| Description | An open redirect vulnerability exists in the Rebuild 3.8.6 application at the `/user/admin-verify?nexturl=%2Fadmin%2Fsystems` endpoint. The `nexturl` parameter accepts unvalidated input, allowing attackers to redirect users to arbitrary attacker-controlled URLs. This vulnerability can be exploited by tricking any admin user into authenticating, after which they are redirected to a malicious page. Exploitation of this vulnerability could facilitate phishing attacks, credential theft, or other malicious activities by leveraging the trust users place in the legitimate application. |
| Source | https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/OpenRedirect-AdminVerification.md |
| User | vastzero (UID 78767) |
| Submission | 12/15/2024 04:27 PM (1 Year ago) |
| Moderation | 12/27/2024 09:45 AM (12 days later) |
| Status | Accepted |
| VulDB entry | 289383 [ruifang-tech Rebuild 3.8.6 Admin Verification Page /user/admin-verify nexturl redirect] |
| Points | 20 |
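
A server-side check for a post-login redirect parameter such as `nexturl`, shown as an added example that is not Rebuild's code and not part of the original report. The function names, the fallback path and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed fallback: the path from the endpoint's own example value.
DEFAULT_TARGET = "/admin/systems"


def _is_local_path(value: str) -> bool:
    """True only for a same-site absolute path such as /admin/systems."""
    # Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so a
    # value containing either can turn into "//host" after normalisation.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return False
    # Exactly one leading slash: rejects "https://host", "//host", "host/x".
    if not value.startswith("/") or value.startswith("//"):
        return False
    parts = urlsplit(value)
    return not parts.scheme and not parts.netloc


def safe_next_url(raw, default=DEFAULT_TARGET):
    """Return raw if it is a safe local path, otherwise the fallback."""
    if not raw:
        return default
    # Check the value and one further percent-decoding of it, in case a
    # later layer decodes again ("/%2Fhost" would become "//host").
    if _is_local_path(raw) and _is_local_path(unquote(raw)):
        return raw
    return default


if __name__ == "__main__":
    # Constructed sample values, as the framework would hand them over
    # after decoding the query string.
    samples = [
        "/admin/systems",
        "https://evil.example/login",
        "//evil.example/login",
        "/\\evil.example",
        "/%2Fevil.example",
    ]
    for s in samples:
        print(repr(s), "->", safe_next_url(s))
```

Rejected values fall back to a fixed in-application path instead of raising an error, so the verification flow still completes for the admin.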