2021-07-13 09:34:42 +00:00
id : CVE-2015-7823
2021-07-12 09:48:37 +00:00
info :
2022-10-10 19:22:59 +00:00
name : Kentico CMS 8.2 - Open Redirect
2021-07-12 09:48:37 +00:00
author : 0x_Akoko
2023-07-11 19:49:27 +00:00
severity : medium
2022-10-10 19:22:59 +00:00
description : Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the installation of malware.
2023-09-06 13:22:34 +00:00
remediation : |
Apply the latest security patches or upgrade to a newer version of Kentico CMS.
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-7823
2022-05-17 09:18:12 +00:00
- http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html
2024-01-29 17:11:14 +00:00
- https://github.com/ARPSyndicate/kenzer-templates
2022-04-01 08:51:42 +00:00
classification :
2022-09-06 01:33:31 +00:00
cvss-metrics : CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
2023-07-11 19:49:27 +00:00
cvss-score : 5.8
2022-04-01 08:51:42 +00:00
cve-id : CVE-2015-7823
2022-09-06 01:33:31 +00:00
cwe-id : NVD-CWE-Other
2023-07-11 19:49:27 +00:00
epss-score : 0.00233
2024-01-29 17:11:14 +00:00
epss-percentile : 0.61409
2023-09-06 13:22:34 +00:00
cpe : cpe:2.3:a:kentico:kentico_cms:8.2:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : kentico
product : kentico_cms
2024-05-31 19:23:20 +00:00
google-query : intitle:"kentico database setup"
shodan-query : cpe:"cpe:2.3:a:kentico:kentico_cms"
fofa-query : title="kentico database setup"
2024-01-14 09:21:50 +00:00
tags : cve2015,cve,kentico,redirect,packetstorm
2021-07-12 09:48:37 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-12 09:48:37 +00:00
- method : GET
path :
2022-06-06 10:40:15 +00:00
- "{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://interact.sh/"
2021-07-12 09:48:37 +00:00
matchers :
- type : regex
2023-07-11 19:49:27 +00:00
part : header
2021-07-12 09:48:37 +00:00
regex :
2022-06-06 10:40:15 +00:00
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
2024-06-01 06:53:00 +00:00
# digest: 4b0a00483046022100e4cb1accc1f6aa60e3abe2a12e593d2018453a73db8d49cfd30df1a5acba3fe202210098b526e82020fb8a4e0d9d4c50a5a3d986ec9ccb5fd2b6e693561b4b66ed3bee:922c64590222798bb761d5b6d8e72950