KodExplorer 4.52 Open Redirect

2025.05.05
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

# Exploit Title: KodExplorer 4.52 - Open Redirect
# Date: 2024-11-08
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://kodcloud.com/
# Software Link: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52
# Version: 4.52
# Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56

*Steps to Reproduce:*

1. First, visit this URL: http://target.com/index.php?user/login&link=
2. Then put any malicious URL in the link parameter.
3. Your link will look like: http://target.com/index.php?user/login&link=https://{site}.com
4. Log in to your account and you will be redirected to the malicious URL.
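Detection sketch for the redirect described above, added here as an example and not part of the original advisory or of KodExplorer: it scans web access-log lines for user/login requests whose link parameter names a host other than the site's own. The Apache-style log format, the trusted hostname files.example.test and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: hostname(s) the KodExplorer instance is legitimately served from.
TRUSTED_HOSTS = {"files.example.test"}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
LINK_RE = re.compile(r"&link=([^&\s]*)")

def external_link_target(request_uri, trusted=TRUSTED_HOSTS):
    """Return the off-site host named by link= on a user/login request, else None."""
    _, _, query = request_uri.partition("?")
    if not query.startswith("user/login"):
        return None
    m = LINK_RE.search(query)
    if not m:
        return None
    link = unquote(unquote(m.group(1)))      # undo single or double percent-encoding
    link = link.strip().replace("\\", "/")   # browsers treat "\" like "/"
    try:
        host = urlsplit(link).hostname       # None for relative paths such as /index.php
    except ValueError:                       # malformed authority part
        return None
    return host if host and host not in trusted else None

def scan(lines, trusted=TRUSTED_HOSTS):
    """Return (client_ip, redirect_host) for each login request pointing off-site."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        host = external_link_target(m.group(1), trusted) if m else None
        if host:
            hits.append((line.split(" ", 1)[0], host))
    return hits

# Constructed sample log lines (documentation IP range, placeholder hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Nov/2024:10:00:01 +0000] "GET /index.php?user/login&link=https://phish.example.net/ HTTP/1.1" 200 5120',
    '192.0.2.11 - - [08/Nov/2024:10:00:05 +0000] "GET /index.php?user/login&link=%2F%2Fphish.example.net HTTP/1.1" 200 5120',
    '192.0.2.12 - - [08/Nov/2024:10:00:09 +0000] "GET /index.php?user/login&link=https://files.example.test/index.php%3Fexplorer HTTP/1.1" 200 5120',
    '192.0.2.13 - - [08/Nov/2024:10:00:12 +0000] "GET /index.php?user/login HTTP/1.1" 200 5120',
    '192.0.2.14 - - [08/Nov/2024:10:00:15 +0000] "GET /index.php?explorer&link=https://phish.example.net/ HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, host in scan(SAMPLE_LOG):
        print(f"{ip} login link redirects off-site to {host}")
```

The same host comparison, applied server-side to the link value before the post-login redirect is issued, is the usual fix for CWE-601.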

