daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2786 from geeknik/patch-29 

Create CVE-2021-41826.yaml
patch-1
Prince Chaddha 2021-10-05 09:34:43 +05:30 committed by GitHub
parent 10a9c9aede ed07a99242
commit 223d49db9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
cves/2021/CVE-2021-41826.yaml Normal file
View File

@ -0,0 +1,31 @@
id: CVE-2021-41826
info:
name: PlaceOS 1.2109.1 - Open Redirection
author: geeknik
severity: low
description: PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect
reference:
- https://github.com/PlaceOS/auth/issues/36
- https://www.exploit-db.com/exploits/50359
- https://nvd.nist.gov/vuln/detail/CVE-2021-41826
tags: cve,cve2021,placeos,redirect
requests:
- method: GET
path:
- "{{BaseURL}}/auth/logout?continue=//example.com"
matchers-condition: and
matchers:
- type: status
status:
- 302
- 301
condition: or
- type: regex
part: header
words:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'