.. / CVE-2011-5252

Exploit for Orchard 'ReturnUrl' Parameter URI - Open Redirect (CVE-2011-5252)

Description:

Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.

Nuclei Template

View the template here CVE-2011-5252.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2011/CVE-2011-5252.yaml

References:

https://exchange.xforce.ibmcloud.com/vulnerabilities/72110
https://nvd.nist.gov/vuln/detail/CVE-2011-5252
https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/
https://www.exploit-db.com/exploits/36493
http://orchard.codeplex.com/discussions/283667

.. / CVE-2011-5252 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Orchard 'ReturnUrl' Parameter URI - Open Redirect (CVE-2011-5252)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2011-5252