Vendor: KodExplorer
By: Rahad Chowdhury
CVSS: 4.1 (MEDIUM)
CWE: CWE-601 (Open Redirect)
Product Name: KodExplorer
Affected Version From: 4.52
Affected Version To: 4.52
Patch Exists: NO
Related CWE: CVE-2024-XXXX
CPE: a:kalcaddle:kodexplorer:4.52
Metasploit:
Other Scripts:
Platforms Tested: Windows 10, PHP 8.2.4, Apache 2.4.56
2024

KodExplorer 4.52 – Open Redirect

An open redirect vulnerability exists in KodExplorer 4.52. The 'link' parameter of the login URL is used as the post-login redirect target without validation, so an attacker can craft a URL that appears to belong to the legitimate site but sends the user to an arbitrary external website once they log in.

Mitigation:

To mitigate this vulnerability, validate and sanitize all user-supplied input, especially URL parameters. Implement proper input validation to ensure that the redirect URL belongs to the expected domain.
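The following is an added example of the kind of check described above; it is not KodExplorer's own code. It assumes the application knows its own origin (APP_ORIGIN is a constructed value for the example) and that the login handler can fall back to a fixed landing page (DEFAULT_TARGET). It accepts only site-relative paths or absolute URLs on the application's own origin, and rewrites the latter to a relative form so the Location header never carries an attacker-controlled authority.

```php
<?php
// Added example (not KodExplorer's own code): validating a post-login
// redirect target so that it can only point back into the application.
// APP_ORIGIN and DEFAULT_TARGET are constructed values for this example.

const APP_ORIGIN = 'https://files.example.test';
const DEFAULT_TARGET = '/index.php';

/**
 * Return a redirect target that is safe to pass to header('Location: ...').
 *
 * Accepted:
 *   - a relative path starting with a single "/" ("//host" and "/\host"
 *     are NOT accepted: browsers treat them as scheme-relative URLs), or
 *   - an absolute URL whose scheme and host exactly match APP_ORIGIN.
 * Everything else (foreign hosts, javascript:/data: schemes, userinfo
 * tricks, backslashes, control characters) falls back to DEFAULT_TARGET.
 */
function safe_redirect_target(?string $link): string
{
    if ($link === null || $link === '') {
        return DEFAULT_TARGET;
    }
    // Control characters and whitespace have no place in a redirect target
    // (and CR/LF would enable header injection).
    if (preg_match('/[\x00-\x20\x7f]/', $link)) {
        return DEFAULT_TARGET;
    }
    // Browsers normalise backslashes to "/", so "/\evil.example" would
    // become scheme-relative; reject them outright.
    if (strpos($link, '\\') !== false) {
        return DEFAULT_TARGET;
    }

    $parts = parse_url($link);
    if ($parts === false) {
        return DEFAULT_TARGET;
    }

    // Case 1: site-relative path. parse_url() yields no scheme/host for
    // "/foo", whereas "//evil.example" yields a host and is excluded here.
    if (!isset($parts['scheme']) && !isset($parts['host']) && !isset($parts['user'])) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/') {
            return DEFAULT_TARGET;   // "foo", "?x", "#y" are not app paths
        }
        return $link;
    }

    // Case 2: absolute URL; scheme, host and port must match our origin.
    $origin = parse_url(APP_ORIGIN);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme !== $origin['scheme'] || $host !== $origin['host']) {
        return DEFAULT_TARGET;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return DEFAULT_TARGET;       // e.g. https://ours.example@evil.example/
    }
    if (isset($parts['port']) && $parts['port'] !== ($origin['port'] ?? null)) {
        return DEFAULT_TARGET;
    }
    // Re-emit as a relative URL so the response carries no authority at all.
    $target = $parts['path'] ?? '/';
    if ($target === '' || $target[0] !== '/') {
        $target = '/' . $target;
    }
    if (isset($parts['query'])) {
        $target .= '?' . $parts['query'];
    }
    if (isset($parts['fragment'])) {
        $target .= '#' . $parts['fragment'];
    }
    return $target;
}

// Constructed inputs showing what the check does with each shape of value.
$examples = [
    '',                                          // -> /index.php
    '/index.php?explorer/index',                 // -> unchanged (relative path)
    '//evil.example/phish',                      // -> /index.php (scheme-relative)
    'https://evil.example/phish',                // -> /index.php (foreign host)
    'https://files.example.test/index.php?x=1',  // -> /index.php?x=1 (own origin)
    'https://files.example.test@evil.example/',  // -> /index.php (userinfo trick)
    'javascript:alert(1)',                       // -> /index.php (bad scheme)
];
foreach ($examples as $link) {
    printf("%-45s => %s\n", var_export($link, true), safe_redirect_target($link));
}

// In the login handler, after successful authentication:
// header('Location: ' . safe_redirect_target($_GET['link'] ?? null));
// exit;
```

The exact-match comparison on scheme and host is deliberate: suffix checks such as "ends with example.test" or substring checks are a common way these fixes get bypassed (files.example.test.evil.example, or the origin placed in the userinfo part), which is why the example compares the parsed components rather than the raw string.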
Source

Exploit-DB raw data:

# Exploit Title: KodExplorer 4.52 - Open Redirect
# Date: 2024-11-08
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://kodcloud.com/
# Software Link: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52
# Version: 4.52
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56

*Steps to Reproduce:*

1. First, visit this URL: http://target.com/index.php?user/login&link=
2. Then put any malicious URL in the link parameter.
3. Your link will look like:
http://target.com/index.php?user/login&link=https://{site}.com
4. Log in to your account and you will be redirected to the malicious URL.