Products.PluggableAuthService 2.6.0 – Open Redirect

Exploit Database
15 阅读

作者： Piyush Patil

日期： 2021-06-02
类别：
- webapps
平台：
- Python
来源：https://www.exploit-db.com/exploits/49930/

# Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect
# Exploit Author: Piyush Patil
# Affected Component: Pluggable Zope authentication/authorization framework
# Component Link: https://pypi.org/project/Products.PluggableAuthService/
# Version: < 2.6.1
# CVE: CVE-2021-21337
# Reference: https://github.com/zopefoundation/Products.PluggableAuthService/security/advisories/GHSA-p44j-xrqg-4xrr


--------------------------Proof of Concept-----------------------

1- Goto https://localhost/login
2- Turn on intercept and click on the login
3- Change "came_from" parameter value to https://attacker.com
4- User will be redirected to an attacker-controlled website.

Fix: pip install "Products.PluggableAuthService>=2.6.1"

last Exploits
Products.PluggableAuthService 2.6.0 – Open Redirect的更多信息

Responsive Matrimonial Script 4.0.1 – SQL Injection：
Cisco node-jos < 0.11.0 - Re-sign Tokens：
Getsimple CMS 3.0 – ‘set’ Local File Inclusion：
PHP-AddressBook 6.2.4 – ‘group.php’ SQL Injection：
In4Suit ERP 3.2.74.1370 – ‘txtLoginId’ SQL injection：
sockso 1.5 – Directory Traversal：
HeffnerCMS 1.22 – ‘index.php’ Local File Inclusion：
osCMax 2.5 – ‘/admin/login.php?Username’ Cross-Site Scripting：