Products.PluggableAuthService 2.6.0 Open Redirect – Geekychild



Products.PluggableAuthService version 2.6.0 suffers from an open redirection vulnerability.

MD5 | 4b70535ef74ac82dc36e19572d6af760
# Exploit Title: Products.PluggableAuthService 2.6.0 - Open Redirect
# Exploit Author: Piyush Patil
# Affected Component: Pluggable Zope authentication/authorization framework
# Component Link:
# Version: # CVE: CVE-2021-21337
# Reference:

--------------------------Proof of Concept-----------------------

1- Goto https://localhost/login
2- Turn on intercept and click on the login
3- Change "came_from" parameter value to
4- User will be redirected to an attacker-controlled website.

Fix: pip install "Products.PluggableAuthService>=2.6.1"


Source link

Leave a comment