Exploit for Web2py URL - Open Redirect (CVE-2023-22432)

Description:

An open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

Nuclei Template

View the template here: CVE-2023-22432.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-22432.yaml

References:

http://web2py.com/
https://jvn.jp/en/jp/JVN78253670/
https://nvd.nist.gov/vuln/detail/CVE-2023-22432
https://github.com/aeyesec/CVE-2023-22432
http://web2py.com/init/default/download