Vendor: b2evolution
By: Soham Bakore, Nakul Ratti
CVSS: 6.1 (MEDIUM)
CWE: 601 (Open Redirect)
Product Name: b2evolution
Affected Version From: 6.11.6
Affected Version To: 6.11.6
Patch Exists: YES
CVE: CVE-2020-22840
CPE: 2.3:a:b2evolution:b2evolution:6.11.6
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Chrome, Firefox on Windows and Linux
Year: 2021

b2evolution 6.11.6 – ‘redirect_to’ Open Redirect

An open redirect vulnerability exists in b2evolution 6.11.6. An attacker can craft a malicious link containing the 'redirect_to' parameter and send it to an unsuspecting user. When the user clicks on the link, they will be redirected to the attacker-controlled domain, which can be used to perform malicious phishing campaigns.

Mitigation:

Upgrade to the latest version of b2evolution, which is 6.11.7.

Exploit-DB raw data:

# Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22840


--------------------------Proof of Concept-----------------------


1. Send the following link to the unsuspecting user: http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com
2. The user will be redirected to Google.com or any other attacker controlled domain
3. This can be used to perform malicious phishing campaigns on unsuspecting users
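The fix for this class of bug is to vet the `redirect_to` value server-side before issuing the redirect. The following is an added example written for this advisory, not b2evolution's own code: it assumes the blog is served from `SITE_HOST` and falls back to `/` for anything that would leave the site, including the browser-specific spellings (`//host`, `///host`, backslashes, `http:host`, userinfo tricks) that naive "starts with a slash" checks miss.

```python
"""Same-site check for a `redirect_to` parameter (CWE-601 mitigation)."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

SITE_HOST = "blog.example.org"  # assumption: the host this site is served from


def safe_redirect_target(redirect_to, site_host=SITE_HOST, fallback="/"):
    """Return `redirect_to` if it stays on this site, otherwise `fallback`.

    Accepts only local paths ("/path?query") and absolute http(s) URLs whose
    host is exactly `site_host`; everything else collapses to `fallback`.
    """
    if not redirect_to:
        return fallback
    # Browsers strip surrounding whitespace and treat "\" like "/", so
    # normalise the same way before inspecting the value.
    candidate = redirect_to.strip().replace("\\", "/")
    # "//evil.example" and "///evil.example" are scheme-relative URLs that a
    # browser resolves to another host; urlsplit() does not flag the latter.
    if candidate.startswith("//"):
        return fallback
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: accept only http(s) to our own host, with no
        # userinfo or port in the authority part.
        if parts.scheme in ("http", "https") and parts.netloc.lower() == site_host:
            return urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
        return fallback  # other hosts, javascript:, data:, "http:host" and similar
    if not parts.path.startswith("/"):
        return fallback  # bare relative paths are ambiguous; require a leading "/"
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def redirect_for_request(request_url):
    """Take the `redirect_to` query parameter from a request URL and vet it."""
    query = parse_qs(urlsplit(request_url).query)
    return safe_redirect_target(query.get("redirect_to", [""])[0])


# Constructed request in the shape of the advisory's PoC, with a placeholder key.
POC_REQUEST = ("http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link"
               "&email_key=EXAMPLE_KEY&redirect_to=http%3A%2F%2Fgoogle.com")

if __name__ == "__main__":
    print(redirect_for_request(POC_REQUEST))  # "/" : off-site target rejected
```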