
JForum 2.1.9 returnPath Open redirect

Posted on 24 September 2013

ZeroDayLab Advisory - CVE-2012-5338

Author: ZeroDayLab Advisories
Software Version: JForum version 2.1.9
Platform: Apache Tomcat 7.0.30
Title: URL redirection abuse vulnerability found in JForum version 2.1.9 (latest stable version)
Criticality: Medium

Description:
JForum, a popular open source Java forum (http://www.jforum.net), suffers from a URL redirection abuse vulnerability which allows an attacker to redirect an unsuspecting victim to an alternate website. The criticality of this finding depends on an attacker being able to create a forum account (which, given the nature of the product, is easily achieved in most cases). This is despite the product features page stating the following:

Permissions & Security
. Robust security system
. Advanced HTML filter, for increased security

Proof of concept:
The following web request against a JForum installation would redirect an unsuspecting user to the site www.zerodaylab.com, which in turn could be made to mimic the original site and either deliver malware to the user or fool them into providing their credentials:

http://127.0.0.1/jforum/jforum.page?module=user&action=validateLogin&returnPath=http://www.zerodaylab.com&username=user&password=pass&redirect=&login=Login

Tags: URL redirection abuse, Poor Filtering
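The root cause above is that the returnPath parameter is echoed into a redirect without being checked for a foreign host. The following is an added example (not ZeroDayLab's or JForum's code) of the server-side check that closes this class of bug: the login handler accepts only a site-absolute path and otherwise falls back to a fixed landing page. DEFAULT_LANDING is a hypothetical fallback path, and the benign request URL is constructed for the demonstration; the other request is the advisory's own proof-of-concept URL.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# The proof-of-concept request quoted in the advisory.
POC_URL = ("http://127.0.0.1/jforum/jforum.page?module=user&action=validateLogin"
           "&returnPath=http://www.zerodaylab.com&username=user&password=pass"
           "&redirect=&login=Login")
# Constructed benign request: returnPath points back into the forum itself.
BENIGN_URL = ("http://127.0.0.1/jforum/jforum.page?module=user&action=validateLogin"
              "&returnPath=/jforum/forums/list.page&username=user&password=pass")

# Hypothetical safe default used when returnPath is missing or rejected.
DEFAULT_LANDING = "/jforum/forums/list.page"


def is_safe_return_path(value: str) -> bool:
    """Accept only a site-absolute path ('/x/y') as a post-login target.

    Rejects anything carrying a scheme or host (http://h, //h, https:h),
    backslashes (browsers treat '\\' like '/' in authority position),
    and control characters that some parsers silently drop.
    """
    if not value:
        return False
    # Judge the decoded form, so %2F%2F is seen as the '//' it becomes.
    decoded = unquote(value)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return False
    if "\\" in decoded:
        return False
    parts = urlsplit(decoded)
    if parts.scheme or parts.netloc:
        return False
    # Site-absolute, but not scheme-relative ('//host' has no scheme).
    return decoded.startswith("/") and not decoded.startswith("//")


def resolve_return_path(request_url: str) -> str:
    """Pick the landing page for a login request, never trusting a foreign target."""
    query = parse_qs(urlsplit(request_url).query)
    candidate = query.get("returnPath", [""])[0]
    return candidate if is_safe_return_path(candidate) else DEFAULT_LANDING


if __name__ == "__main__":
    print("PoC request lands on:", resolve_return_path(POC_URL))
    print("Benign request lands on:", resolve_return_path(BENIGN_URL))
```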
