# Detection template for an open redirect in the Netsweeper auth-portal
# bounce endpoint. It sends one GET request and inspects only the response
# headers; nothing is written to the target.
id: netsweeper-open-redirect

info:
  name: Netsweeper 4.0.9 - Open Redirection
  author: daffainfo
  severity: medium
  description: >-
    Netsweeper version 4.0.9 was vulnerable to an Unauthenticated and
    Authenticated Open Redirect vulnerability.
  reference:
    - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
  tags: netsweeper,redirect

requests:
  - method: GET
    path:
      # The url parameter carries a benign placeholder destination
      # (example.com), so a positive result is recognisable without sending
      # anyone to a live third-party site.
      - '{{BaseURL}}/webadmin/authportal/bounce.php?url=https://example.com/'

    matchers:
      # Single matcher: the finding fires when a Location header line points
      # at the placeholder host.
      # NOTE(review): no status-code condition is set, so the result rests on
      # the header line alone; confirm the redirect manually before triage.
      - type: regex
        part: header
        regex:
          # Anchored per line ((?m)^...$) on "Location:", then an absolute
          # (http/https) or protocol-relative (//) target whose host ends in
          # example.com. The character class before the host name also admits
          # subdomain or userinfo prefixes, so any host ending in
          # "example.com" matches.
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'