id: CVE-2023-22432 info: name: Web2py URL - Open Redirect author: DhiyaneshDK severity: medium description: | Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. remediation: | Update to web2py 2.23.1 or higher. reference: - https://github.com/aeyesec/CVE-2023-22432 - https://nvd.nist.gov/vuln/detail/CVE-2023-22432 - https://jvn.jp/en/jp/JVN78253670/ - http://web2py.com/ - http://web2py.com/init/default/download classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-22432 cwe-id: CWE-601 epss-score: 0.03444 epss-percentile: 0.90465 cpe: cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: web2py product: web2py shodan-query: http.favicon.hash:-1680052984 tags: cve,cve2023,web2py,redirect,authenticated http: - raw: - | POST /admin/default/index HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded password={{password}}&send=%5C%2F%5C%2Foast.pro&login= matchers-condition: and matchers: - type: word part: body words: - 'a href="\/\/oast.pro"' - type: word part: location words: - '\/\/oast.pro' - type: status status: - 303 # digest: 4b0a0048304602210094181af904441b5425b69872145024e9b4a0645e61cff94eb07ee39007f753dc022100eb0a94401c8a65a7307f47284392fe5d0d6c7519ae1594f7ad7f251488a6d74b:922c64590222798bb761d5b6d8e72950