Open Redirection vulnerability in IBM Lotus Notes - exploit.company
Vendor: Lotus Notes
By:
CVSS: 5.5 (MEDIUM)
Type: Open Redirection
CWE: 601
Product Name: Lotus Notes
Affected Version From: Lotus Notes 6.x
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:ibm:lotus_notes:6.0
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Mac

Open Redirection vulnerability in IBM Lotus Notes

IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible.

Mitigation:

Apply the latest patches or updates from the vendor to address this vulnerability. Avoid clicking on suspicious links.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38852/info

IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible.

Lotus Notes 6.x is vulnerable; other versions may also be affected. 

The following example POST data is available:

POST /names.nsf?Login HTTP/1.1
Connection: Keep-Alive

%25%25ModDate=xxxxxxxxxxxxxxxx&Username=yyyy+zzzz&Password=aaaaaa&RedirectTo=http://www.example.com&SaveOptions=0&...
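
A defender-side check for the RedirectTo field in the login request above, as an added example that is not part of the original advisory or any IBM code: it parses a names.nsf?Login form body and classifies the redirect target against an allow-list, the kind of test a filtering proxy or log-review script could apply. The function names, the ALLOWED_HOSTS set and the host mail.corp.example are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts this Domino server may legitimately send users to after login.
ALLOWED_HOSTS = {"mail.corp.example"}

# Constructed sample modelled on the advisory's POST body (elided tail dropped).
SAMPLE_BODY = ("%25%25ModDate=xxxxxxxxxxxxxxxx&Username=yyyy+zzzz&Password=aaaaaa"
               "&RedirectTo=http://www.example.com&SaveOptions=0")


def redirect_is_safe(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a site-local path or an http(s) URL on an allowed host."""
    # Whitespace, control characters and backslashes are parsed inconsistently
    # by browsers and servers, so refuse them outright.
    if not target or any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path with exactly one leading slash.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() in allowed_hosts


def audit_login_body(body, allowed_hosts=ALLOWED_HOSTS):
    """Classify the RedirectTo field(s) of a names.nsf?Login form body."""
    targets = parse_qs(body, keep_blank_values=True).get("RedirectTo", [])
    if not targets:
        return "none"
    # Every occurrence must pass, since a duplicated field may be read
    # differently by a filter and by the application behind it.
    if all(redirect_is_safe(t, allowed_hosts) for t in targets):
        return "allowed"
    return "blocked"


if __name__ == "__main__":
    print(audit_login_body(SAMPLE_BODY))  # blocked
```

Requests classified as "blocked" are the ones to reject at the proxy or flag during log review; "none" means the form carried no RedirectTo field at all.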