vendor: Lotus Notes
by:
CVSS: 5.5 (MEDIUM)
CWE: 601 (Open Redirection)
Product Name: Lotus Notes
Affected Version From: Lotus Notes 6.x
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:ibm:lotus_notes:6.0
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Mac

Open Redirection vulnerability in IBM Lotus Notes

IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible.

Mitigation:

Apply the latest patches or updates from the vendor to address this vulnerability. Avoid clicking on suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38852/info

IBM Lotus Notes is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible.

Lotus Notes 6.x is vulnerable; other versions may also be affected. 

The following example POST data is available:

POST /names.nsf?Login HTTP/1.1

Connection: Keep-Alive

%25%25ModDate=xxxxxxxxxxxxxxxx&Username=yyyy+zzzz&Password=aaaaaa&RedirectTo=http://www.example.com&SaveOptions=0&...
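
A defender-side check for the login request shown above, as an added example that is not part of the original advisory or of any IBM code: it parses a form-encoded login body and reports any RedirectTo value that would send the browser off the trusted hosts. The host name `mail.example.org`, the function names and the sample bodies are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: the host names this Domino server is legitimately reached under.
TRUSTED_HOSTS = {"mail.example.org"}

def redirect_targets(body):
    """Return every RedirectTo value in a form-encoded login body (decoded)."""
    # Field name compared case-insensitively and all duplicates kept, so the
    # check does not depend on which spelling or occurrence the server honours.
    return [v for k, v in parse_qsl(body, keep_blank_values=True)
            if k.lower() == "redirectto"]

def is_offsite(target, trusted=TRUSTED_HOSTS):
    """True when a browser following `target` would leave the trusted hosts."""
    # Browsers read "\" as "/" and drop control characters, so normalise first.
    cleaned = "".join(ch for ch in target.strip() if ch >= " ").replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return True
    if parts.scheme not in ("", "http", "https"):
        return True             # non-web schemes are never a valid post-login target
    if parts.netloc:            # absolute or scheme-relative (//host) URL
        return (parts.hostname or "").lower() not in trusted
    return not cleaned.startswith("/")   # otherwise require a site-rooted path

def flag_logins(bodies):
    """Return (index, target) for each body with a non-empty off-site RedirectTo."""
    return [(i, t) for i, body in enumerate(bodies)
            for t in redirect_targets(body) if t and is_offsite(t)]

# Constructed sample bodies (not captured traffic); index 1 mirrors the
# advisory's example request.
SAMPLES = [
    "Username=a+b&Password=x&RedirectTo=%2Fmail%2Fab.nsf",
    "%25%25ModDate=0&Username=a+b&Password=x&RedirectTo=http://www.example.com&SaveOptions=0",
    "Username=a+b&Password=x&RedirectTo=%2F%2Fwww.example.com%2F",
    "Username=a+b&Password=x&RedirectTo=https://mail.example.org/mail/ab.nsf",
]

if __name__ == "__main__":
    for index, target in flag_logins(SAMPLES):
        print(f"body {index}: off-site RedirectTo -> {target}")
```

The same `is_offsite` test can sit in a reverse proxy in front of `/names.nsf?Login` to reject the request, or run over logged POST bodies to find redirects that were already served.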