id: CVE-2015-2863 info: name: Kaseya Virtual System Administrator - Open Redirect author: 0x_Akoko severity: medium description: | Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. reference: - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt - http://www.kb.cert.org/vuls/id/919604 - https://nvd.nist.gov/vuln/detail/CVE-2015-2863 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-2863 cwe-id: CWE-601 tags: cve,cve2015,redirect,kaseya metadata: max-request: 2 http: - method: GET path: - '{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me' - '{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me' stop-at-first-match: true matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 # Enhanced by md on 2023/03/21