From 5e7ae851f15ee741a091707e34cf483edfe8985a Mon Sep 17 00:00:00 2001
From: pudsec <pudsec@gmail.com>
Date: Sun, 24 Jan 2021 19:37:25 +0800
Subject: [PATCH 1/2] Added CVE-2021-22873

---
 cves/2021/CVE-2021-22873.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 cves/2021/CVE-2021-22873.yaml

diff --git a/cves/2021/CVE-2021-22873.yaml b/cves/2021/CVE-2021-22873.yaml
new file mode 100644
index 0000000000..9972134f1c
--- /dev/null
+++ b/cves/2021/CVE-2021-22873.yaml
@@ -0,0 +1,27 @@
+id: CVE-2021-22873
+
+info:
+  name: Revive Adserver < 5.1.0 Open Redirect
+  author: pudsec
+  severity: low
+  description: Open Redirect on Revive Adserver < 5.1.0
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ads/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/adserve/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/adserver/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/openx/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/revive/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/www/delivery/ck.php?ct=1&dest=http://example.com"
+    redirects: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "<title>Example Domain</title>"
+        part: body

From 865c778d4be425d94fabba85ca527dc213f21b4f Mon Sep 17 00:00:00 2001
From: PD-Team <8293321+bauthard@users.noreply.github.com>
Date: Fri, 29 Jan 2021 23:35:27 +0530
Subject: [PATCH 2/2] few updates

---
 cves/2021/CVE-2021-22873.yaml | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/cves/2021/CVE-2021-22873.yaml b/cves/2021/CVE-2021-22873.yaml
index 9972134f1c..66e7735651 100644
--- a/cves/2021/CVE-2021-22873.yaml
+++ b/cves/2021/CVE-2021-22873.yaml
@@ -4,17 +4,19 @@ info:
   name: Revive Adserver < 5.1.0 Open Redirect
   author: pudsec
   severity: low
-  description: Open Redirect on Revive Adserver < 5.1.0
+  description: Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts.
+  reference: https://nvd.nist.gov/vuln/detail/CVE-2021-22873
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/ads/www/delivery/ck.php?ct=1&dest=http://example.com"
-      - "{{BaseURL}}/adserve/www/delivery/ck.php?ct=1&dest=http://example.com"
-      - "{{BaseURL}}/adserver/www/delivery/ck.php?ct=1&dest=http://example.com"
-      - "{{BaseURL}}/openx/www/delivery/ck.php?ct=1&dest=http://example.com"
-      - "{{BaseURL}}/revive/www/delivery/ck.php?ct=1&dest=http://example.com"
-      - "{{BaseURL}}/www/delivery/ck.php?ct=1&dest=http://example.com"
+      - "{{BaseURL}}/ads/www/delivery/lg.php?dest=http://example.com"
+      - "{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://example.com"
+      - "{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://example.com"
+      - "{{BaseURL}}/openx/www/delivery/lg.php?dest=http://example.com"
+      - "{{BaseURL}}/revive/www/delivery/lg.php?dest=http://example.com"
+      - "{{BaseURL}}/www/delivery/lg.php?dest=http://example.com"
+
     redirects: true
     matchers-condition: and
     matchers: