2022-02-02 03:43:39 +00:00
id : CVE-2020-36365
info :
name : Smartstore < 4.1.0 - Open redirect
author : 0x_Akoko
severity : medium
description : Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect.
reference :
- https://github.com/smartstore/SmartStoreNET/issues/2113
- https://www.cvedetails.com/cve/CVE-2020-36365
2022-02-02 21:09:33 +00:00
- https://github.com/smartstore/SmartStoreNET
2022-02-02 03:43:39 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 6.1
2022-02-02 03:43:39 +00:00
cve-id : CVE-2020-36365
cwe-id : CWE-601
2022-02-02 21:09:33 +00:00
metadata :
shodan-query : http.html:'content="Smartstore'
tags : cve,cve2020,redirect,smartstore
2022-02-02 03:43:39 +00:00
requests :
- method : GET
path :
- '{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.example.com'
matchers :
- type : regex
part : header
2022-02-02 21:09:33 +00:00
regex :
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)example\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1