Advisory by Netsparker
Name: Open Redirection vulnerability in ForkCMS
Affected Software: ForkCMS
Affected Versions: 5.0.6
Vulnerability: Open Redirection
Severity: High
Status: Not Fixed
CVE-ID : CVE-2018-20143
CVSS Score (3.0) : AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Netsparker Advisory Reference: NS-18-032

Technical Details

URL: http://{domain}/{forkcms_path}/{lang}/modules/profiles/login?queryString=
Parameter Name: queryString
Parameter Type: GET
Attack Pattern:

Request Headers

GET /modules/profiles/login?queryString= HTTP/1.1
Host: localhost
Cookie: PHPSESSID=m1k9ccmhmk4htctfo4tdkcg89q; interface_language=en; comment_author=3;

Response Headers

HTTP/1.1 302 Found
Set-Cookie: track=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.localhost; HttpOnly
Server: Apache/2.4.27 (Ubuntu)
X-Content-Type-Options: nosniff
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=79
X-Frame-Options: deny
Content-Type: text/html; charset=UTF-8
Content-Length: 360
Date: Sat, 21 Oct 2017 17:21:36 GMT
Cache-Control: no-cache, private

Advisory Timeline

24th October 2017 - First Contact
31st December 2018 - Advisory Released

Credits & Authors

These issues have been discovered by Omer Citak while testing Netsparker Web Application Security Scanner.

About Netsparker

Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engine’s unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Enterprise. Visit our website for more information.