From bdf447dd2d28355cc1aec79a788d97f35b97d692 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Tue, 31 Aug 2021 12:35:08 +0900
Subject: [PATCH] Create CVE-2021-24288.yaml
---
CVE-2021-24288.yaml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 CVE-2021-24288.yaml
diff --git a/CVE-2021-24288.yaml b/CVE-2021-24288.yaml
new file mode 100644
index 0000000000..7416ac7600
--- /dev/null
+++ b/CVE-2021-24288.yaml
@@ -0,0 +1,21 @@
+id: CVE-2021-24288
+
+info:
+ name: AcyMailing < 7.5.0 - Open Redirect
+ author: 0x_Akoko
+ description: |
+ When using acymailing to subscribe to a newsletter, you make a POST request with various parameters. Turning that to a GET request and adding the parameters as GET parameters, you can successfully go through with the subscription.
+ reference: https://wpscan.com/vulnerability/56628862-1687-4862-9ed4-145d8dfbca97
+ severity: medium
+ tags: wordpress,cve,cve2021,redirect
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://example.com&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"
+
+ matchers:
+ - type: regex
+ regex:
+ - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)example\.com.*$'
+ part: header
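Review bot: The probe in `path` is not read-only: it sends `task=subscribe` with `user[email]=example@mail.com`, and the description itself says the GET form completes the subscription, so each scanned site may enrol an address on a real mail provider's domain. An address on a reserved domain, e.g. `user[email]=test@example.com`, would avoid mailing a third party, assuming the plugin accepts it. The regex matcher also has no status check, and its optional scheme plus the host prefix class `[a-zA-Z0-9\-_\.@]*` lets a `Location` value such as `notexample.com` match. I would add `matchers-condition: and` with a `status` matcher for 301/302 and pin the host, e.g. `'(?m)^Location\s*:\s*(?:https?:)?//example\.com(?:[/?#\s]|$)'`. The `description` explains the POST-to-GET conversion but never says that the `redirect` parameter is what apparently gets followed without validation, and `ctrl=frontusers` is repeated in the query string.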