| Title | ruifang-tech Rebuild 3.8.6 Open Redirect |
|---|
| Description | An open redirect vulnerability exists in the Rebuild 3.8.6 application at the `/user/admin-verify?nexturl=%2Fadmin%2Fsystems` endpoint. The `nexturl` parameter accepts unvalidated input, allowing attackers to redirect users to arbitrary attacker-controlled URLs. This vulnerability can be exploited by tricking any admin user into authenticating, after which they are redirected to a malicious page.
Exploitation of this vulnerability could facilitate phishing attacks, credential theft, or other malicious activities by leveraging the trust users place in the legitimate application. |
|---|
| Source | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/rebuild/OpenRedirect-AdminVerification.md |
|---|
| User | vastzero (UID 78767) |
|---|
| Submission | 2024年12月15日 16:27 (3 月 ago) |
|---|
| Moderation | 2024年12月27日 09:45 (12 days later) |
|---|
| Status | 承諾済み |
|---|
| VulDB Entry | 289383 [ruifang-tech Rebuild 3.8.6 Admin Verification Page /user/admin-verify nexturl Redirect] |
|---|
| Points | 20 |
|---|