Exploit Title: NEProfile - Host Header Injection
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Tested on: 3.3.11
Exploit Author: Josh Sheppard & Bryan Clements
Exploit Contact: ghost () a t undervurse dot_com & mavr1ck2020 a t protonmail dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12855
A host header injection vulnerability has been discovered in SecZetta's NEProfile product. Authenticated remote adversaries can poison the host header resulting in the attacker controlling response 302 execution flow.
The issue affects version 3.3.11 and has not been tested on other versions of the product.
2. Disclosure Timeline
5/4/20 - Discovery and Exploitation
5/12/20 - Vendor Notified
7/18/20 - Patch / Hotfix Created
Apply hotfix provided by vendor