Submit #574825: kanwangzjm funiture master branch Open Redirectinfo

Titelkanwangzjm funiture master branch Open Redirect
BeschreibungIn the project funiture, the endpoint /login.do and /user/login.page lack validation for the redirect URL. The application trusts user-controlled input for redirect targets (HttpServletRequest parameter 'ret') may redirect victims to attacker-controlled domains, facilitating phishing or social engineering attacks. Project Link: https://github.com/kanwangzjm/funiture Affected Version: master branch Affected API: /login.do and /user/login.page Code Location: /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java:32 and /funiture-master/src/main/java/com/app/mvc/acl/controller/UserController.java:25
Quelle⚠️ https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250510-01.md
Benutzer
 ShenxiuSecurity (UID 84374)
Einreichung10.05.2025 02:21 (vor 1 Jahr)
Moderieren16.05.2025 16:37 (7 days later)
StatusAkzeptiert
VulDB Eintrag309306 [kanwangzjm Funiture bis 71ca0fb0658b3d839d9e049ac36429207f05329b Login LoginServlet.java doPost ret Redirect]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!