| タイトル | GLPI-Project GLPI 10.0.17 Open Redirect |
|---|
| 説明 | Summary
The endpoint blackgate.us1.glpi-network.cloud/index.php?redirect=/%5Cblackgate.us1.glpi-network.cloud%40bxss.me is potentially vulnerable to URL redirection attacks. This vulnerability allows attackers to redirect users to malicious websites, which can be used for phishing attacks.
Details
The vulnerability lies in the way the endpoint handles URL redirection. By manipulating the redirect parameter, an attacker can redirect users to an arbitrary URL. This can be exploited by crafting a URL that appears to be legitimate but redirects to a malicious site.
Example of the vulnerable code:
// Example code snippet
$redirect_url = $_GET['redirect'];
header("Location: $redirect_url");
exit();
PoC
To reproduce the vulnerability, follow these steps:
Navigate to the vulnerable endpoint: blackgate.us1.glpi-network.cloud/index.php?redirect=/%5Cblackgate.us1.glpi-network.cloud%40bxss.me
Observe that the user is redirected to the specified URL in the redirect parameter.
Impact
This is a URL redirection vulnerability, which can be exploited for phishing attacks. Any user who clicks on a maliciously crafted link can be redirected to a phishing site, potentially compromising their personal information. |
|---|
| ソース | ⚠️ https://github.com/glpi-project/glpi/security/advisories/GHSA-g5fm-jq4j-c2c7 |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2024年11月25日 10:28 (1 年 ago) |
|---|
| モデレーション | 2025年02月25日 16:07 (3 months later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 296809 [GLPI 迄 10.0.17 /index.php redirect Redirect] |
|---|
| ポイント | 20 |
|---|