| Title | Catalyst IT Australia User key authentication 2022081901 Open Redirect |
|---|---|
| Description | Vulnerability Description<br>Open redirect vulnerability in the "return=" parameter of the URL used by the logout function of the Moodle plugin "User Key Authentication". An attacker could use this vulnerability to redirect users to arbitrary websites by tricking them into clicking the link.<br>Impact<br>By exploiting this vulnerability, the attacker can redirect users/targets to any arbitrary address when they click on the link.<br>To Reproduce:<br>1) Install the plugin "User key authentication" in a test environment where Moodle is running.<br>2) In your browser, append "/auth/userkey/logout.php?return=" to the address of your test environment, adding any web address after "return=", as in the example below:<br>http://yourdomain.com/auth/userkey/logout.php?return=http://maliciouswebsite.com<br>Note: The user does not need to be logged in for the redirect to work.<br>Fix Suggestion<br>Adjust the logout function so that the user cannot control where the page is redirected to after logout. |
| Source | https://github.com/Cyber-Wo0dy/report/blob/main/moodle/key_user_authentication/v2022081901/key_user_authentication_open_redirection |
| User | Anonymous User |
| Submitted | 2025. 04. 23. 02:44 AM (12 months ago) |
| Moderation | 2025. 05. 09. 04:47 PM (17 days later) |
| Status | Accepted |
| VulDB Entry | 308233 [Catalyst User Key Authentication Plugin 20220819 on Moodle Logout /auth/userkey/logout.php return Redirect] |
| Points | 20 |
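The fix suggestion in the report, shown as an added example that is not code from the plugin or from the submitter: the vulnerable pattern (the `return` value becomes the redirect target as-is) next to a hardened version that only accepts a path on the Moodle site itself. The function names and `$site_root` are assumptions for this illustration, not plugin identifiers.

```php
<?php
// Added example (not the plugin's code). $return is taken as PHP provides it in
// $_GET, i.e. already percent-decoded. $site_root is the site's base URL without
// a trailing slash, e.g. https://moodle.example.org (assumed for this example).
declare(strict_types=1);

// Vulnerable pattern described in the report: whatever "return=" holds is used
// as the redirect target, so "return=http://maliciouswebsite.com" leaves the site.
function logout_redirect_vulnerable(string $return): string
{
    return $return !== '' ? $return : '/';
}

// Hardened: the destination is always on our own site. Anything that is not a
// single-slash-rooted local path falls back to the site front page.
function safe_return_url(string $return, string $site_root): string
{
    $default = $site_root . '/';
    if ($return === '') {
        return $default;
    }
    // Control characters (header injection) and backslashes (browsers treat
    // "\" like "/", so "/\evil.com" would become "//evil.com") are rejected.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $return)) {
        return $default;
    }
    // A full URL is accepted only if it starts with our own origin; strip it
    // so the remainder is checked like any other path.
    if (stripos($return, $site_root . '/') === 0) {
        $return = substr($return, strlen($site_root));
    }
    // "/x" is local; "//evil.com" is protocol-relative and "https:..." has a
    // scheme, so both are refused here.
    if ($return[0] !== '/' || (isset($return[1]) && $return[1] === '/')) {
        return $default;
    }
    // Belt and braces: parse_url() must see neither a scheme nor a host.
    $parts = parse_url($return);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $site_root . $return;
}

// Constructed inputs: two legitimate local targets and three open-redirect attempts.
$site = 'https://moodle.example.org';
foreach (['/my/', 'https://moodle.example.org/course/view.php?id=2',
          'http://maliciouswebsite.com', '//maliciouswebsite.com', '/\\maliciouswebsite.com'] as $r) {
    printf("%-48s vulnerable=%s hardened=%s\n", $r,
        logout_redirect_vulnerable($r), safe_return_url($r, $site));
}
```

In a real Moodle plugin the equivalent check is available out of the box as `clean_param($url, PARAM_LOCALURL)`, which likewise reduces off-site values to an empty string so the code can fall back to a fixed destination.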