Skip to content
Nuclei Templates

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

ID: CVE-2017-5871

Severity: medium

Author: 1337rokudenashi

Tags: cve2017,cve,odoo,redirect

Description

Section titled “Description”

An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.

YAML Source

Section titled “YAML Source”
id: CVE-2017-5871


info:
  name: Odoo <= 8.0-20160726 & 9.0 - Open Redirect
  author: 1337rokudenashi
  severity: medium
  description: |
    An Open Redirect vulnerability in Odoo versions <= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.
  impact: |
    Successful exploitation can redirect users to malicious sites, potentially leading to phishing attacks or information theft.
  remediation: |
    Update Odoo to the latest patched version provided by the vendor.
  reference:
    - https://sysdream.com/cve-2017-5871-odoo-url-redirection-to/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5871
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2017-5871
    cwe-id: CWE-601
    cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Odoo"
    product: odoo
    vendor: odoo
  tags: cve2017,cve,odoo,redirect


http:
  - method: GET
    path:
      - "{{BaseURL}}/web/session/logout?redirect=https://oast.me"
      - "{{BaseURL}}/web/session/logout?redirect=https%3a%2f%2foast.me%2f"
      - "{{BaseURL}}/web/dbredirect?redirect=https%3a%2f%2foast.me%2f"


    stop-at-first-match: true
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4a0a00473045022020526a4a017f0ebf412281aa95a72bf7a4f658c9f0762e3d04f8e7777c27c3aa02210096b1d8f905d0add3542ab88bf2780fff501aecd56d8e99a7d7ddd25f44bcd9ae:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-5871.yaml"

View on Github