nuclei-templates/http/cves/2011/CVE-2011-5252.yaml

id: CVE-2011-5252
info:
  name: Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 - Open Redirect
  description: | 
    Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
  author: ctflearner
  severity: medium
  tags: 
     - Orchard 
     - Open redirect
     - web
     - cve2011
  reference:
    - https://www.exploit-db.com/exploits/36493
    - https://nvd.nist.gov/vuln/detail/CVE-2011-5252  
    - https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/
    - https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
  classification:
    cvss-metrics: CVSS:2.0/(AV:N/AC:M/Au:N/C:P/I:P/A:N)
    cvss-score: 5.8
    cve-id: CVE-2011-5252
    cwe-id: CWE-20
    cpe: cpe:2.3:a:orchardproject:orchard:1.3.10:*:*:*:*:*:*:*
  
  metadata:
    max-request: 1

http:
  - method: GET
    path:
      - "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://www.evil.com%3f"
    
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$'
      - type: status
        status:
          - 301
          - 302
          - 307
          - 308
        condition: or
Create CVE-2011-5252.yaml Added a New Nuclei-Template CVE-2011-5252 2023-06-11 05:37:20 +00:00			`id: CVE-2011-5252`
			`info:`
			`name: Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 - Open Redirect`
			`description: \|`
			`Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.`
			`author: ctflearner`
			`severity: medium`
			`tags:`
			`- Orchard`
			`- Open redirect`
			`- web`
			`- cve2011`
			`reference:`
			`- https://www.exploit-db.com/exploits/36493`
			`- https://nvd.nist.gov/vuln/detail/CVE-2011-5252`
			`- https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/`
			`- https://exchange.xforce.ibmcloud.com/vulnerabilities/72110`
			`classification:`
			`cvss-metrics: CVSS:2.0/(AV:N/AC:M/Au:N/C:P/I:P/A:N)`
			`cvss-score: 5.8`
			`cve-id: CVE-2011-5252`
			`cwe-id: CWE-20`
			`cpe: cpe:2.3:a:orchardproject:orchard:1.3.10:::::::*`

			`metadata:`
			`max-request: 1`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://www.evil.com%3f"`

			`stop-at-first-match: true`
			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`part: header`
			`regex:`
			`- '(?m)^(?:Location\s?:\s?)(?:https?:\/\/\|\/\/\|\/\\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@])evil\.com\/?(\/\|[^.].)?$'`
			`- type: status`
			`status:`
			`- 301`
			`- 302`
			`- 307`
			`- 308`
			`condition: or`