cve/CVE-2021-22873.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.

POC

Reference

http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/Elsfa7-110/kenzer-templates
https://github.com/K3ysTr0K3R/CVE-2021-22873-EXPLOIT
https://github.com/K3ysTr0K3R/K3ysTr0K3R
https://github.com/d4n-sec/d4n-sec.github.io
https://github.com/merlinepedra/nuclei-templates
https://github.com/sobinge/nuclei-templates

1.4 KiB Raw Blame History

CVE-2021-22873

Description

POC

Reference

Github

1.4 KiB

Raw Blame History