CVE-2023-33405 PoC — BlogEngine 输入验证错误漏洞

Source

https://github.com/hacip/CVE-2023-33405

Associated Vulnerability

Title:BlogEngine 输入验证错误漏洞 (CVE-2023-33405)
Description:Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.

Readme

# CVE-2023-33405

Open Redirection vulnerability identified on BlogEngine.NET CMS (version 3.3.8.0 and earlier) 

If a GET request to default.aspx page contains "years=" within the URL, the application calls a function named "Redirect". 

![1](https://github.com/hacip/CVE-2023-33405/assets/10704979/f5e2306e-dfa8-4754-bd69-aadbe2e63b01)

This function sets several parameters including year, month, date, page and rewrite. Though the date parameter was parsed using the DateTime object, month and year parameters are not getting validated and are being used to construct the rewrite parameter.

![2](https://github.com/hacip/CVE-2023-33405/assets/10704979/f6b0d4c9-3d6d-40d7-9a93-4b2f061b5796)


![3](https://github.com/hacip/CVE-2023-33405/assets/10704979/03ea578d-c1f5-4db7-9754-c09bdb0d0323)



Furthermore, the write and page parameters are getting appended and are being used to redirect the user using HTTP headers.

![4](https://github.com/hacip/CVE-2023-33405/assets/10704979/4c5303a4-e696-403c-ae53-ffd07d3b2ba6)



Since, they were not sanitized, encoded or validated, an attacker can leverage this flaw to redirect the users to an attacker controlled-URL.

![5](https://github.com/hacip/CVE-2023-33405/assets/10704979/141c7fd3-82b5-4c07-af0d-a72de87db977)

File Snapshot


 [4.0K]  /data/pocs/5e02cda257829aaeb2fdf3abc579c56e4d051a9c
└── [1.2K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!