Exploit for Rudloff alltube prior to 3.0.1 - Open Redirect (CVE-2022-0692)

Description:

An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.

Nuclei Template

View the template here CVE-2022-0692.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-0692.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
https://nvd.nist.gov/vuln/detail/CVE-2022-0692
https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a