← Advisories

AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability

Low

Advisory ID

ZSL-2015-5219

Release Date

05 January 2015

Vendor

Insane Visions - http://www.adaptcms.com

Affected Version

3.0.3

CVE

CVE-2015-1060

Tested On

Apache 2.4.10 (Win32), PHP 5.6.3, MySQL 5.6.21

Summary

AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system and MVC setup, allowing us to focus on the details and end-users to focus on building their website to look and feel great.

Description

Input passed via the 'Referer' header field is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Proof of Concept

adaptcms_url.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://packetstormsecurity.com/files/129813

[2]http://www.securityfocus.com/bid/71871

[3]http://cxsecurity.com/issue/WLB-2015010021

[4]http://osvdb.org/show/osvdb/116721

[5]http://xforce.iss.net/xforce/xfdb/99618

[6]http://www.exploit-db.com/exploits/35710/

[7]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1060

[8]http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1060

Changelog

05.01.2015Initial release

06.01.2015Added reference [1], [2], [3], [4], [5] and [6]

17.01.2015Added reference [7] and [8]