Plexus anblick Digital Signage Management 3.1.13 Open Redirect ≈ Packet Storm
Vendor: Plexus
Product web page: https://www.plexus.es
https://www.plexus.es/wp-content/uploads/2020/06/PLEXUS_ANBLICK.pdf
Affected version: 3.1.13
Summary: Advanced multiplatform digital signage solution. Reproduction of
multimedia content in a visual and impressive way. Adaptable to any use and
to various types of screen or display.
Desc: Input passed via the 'pagina' GET parameter in 'PantallaLogin' script
is not properly verified before being used to redirect users. This can be
exploited to redirect a user to an arbitrary website e.g. when a user clicks
a specially crafted link to the affected script hosted on a trusted domain.
Tested on: Apache Tomcat/6.0.20
Apache-Coyote/1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2020-5573
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5573.php
13.06.2020
--
PoC:
http://192.168.2.51:8080/ANBLICK/PantallaLogin?idioma=EN&pagina=https://www.zeroscience.mk
Gloss