Letm3through/CVE-2024-39097.md

Created August 22, 2024 14:08

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/Letm3through/1c7a422aa93b587fe63254e06b7f2977.js"></script>
Save Letm3through/1c7a422aa93b587fe63254e06b7f2977 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

CVE-2024-39097.md

CVE-2024-39097: Open Redirect Bypass via `//`

Discovered by: letm3through (Ahn TaeGyu)

Description

There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the url parameter in login path.

Vulnerability Type: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE Impact Other: Phishing via URL Redirection to Untrusted Site ('Open Redirect')
Attack Type: Remote

Affected Product

Name of affected Product: gnuboard 6
Affected version: =< 6.0.4
Affected Product Code Base: Gnuboard version 6.0.4 and below are affected - Fixed in version 6.0.5

Affected Component

Component: Login Path of Gnuboard 6
Affected source code: dependencies.py
Issue provided with fix PR: gnuboard/g6#582

Attack Vectors

url parameter is vulnerable to open redirect despite having a filter logic.

The filter logic can be easily bypassed with double slashes // as below PoC.

PoC:

http://[DOMAIN]/bbs/login?url=//example.com

Reference

gnuboard/g6#582

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment