2021-01-09 14:45:11 +00:00
|
|
|
id: CVE-2019-14223
|
2021-01-10 14:15:36 +00:00
|
|
|
|
2021-01-09 14:45:11 +00:00
|
|
|
info:
|
|
|
|
name: Alfresco Share Open Redirect
|
2021-01-10 14:15:36 +00:00
|
|
|
author: pd-team
|
2021-01-09 14:45:11 +00:00
|
|
|
severity: low
|
2021-02-05 19:44:41 +00:00
|
|
|
tags: cve,cve2019,redirect
|
2021-01-09 14:45:11 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: POST
|
|
|
|
path:
|
|
|
|
- '{{BaseURL}}/share/page/dologin'
|
|
|
|
headers:
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
body: success=%2Fshare%2Fpage%2F&failure=:\\google.com&username=baduser&password=badpass
|
|
|
|
matchers:
|
|
|
|
- type: regex
|
|
|
|
part: body
|
|
|
|
regex:
|
|
|
|
- "(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?google\\.com(?:\\s*)$"
|