By kannthu
The "Bitrix Site Management Russia 2.0 - Open Redirect" module is a test case that detects an open redirect vulnerability in the Bitrix Site Management Russia 2.0 software. An open redirect lets an attacker build a link on the trusted Bitrix host that sends the user to an attacker-controlled site, which is typically used for phishing and the theft of credentials or other sensitive information. The severity of this vulnerability is classified as medium.
This module was authored by pikpikcu.
Because the redirect originates from a trusted domain, a crafted link passes casual inspection by users and is more likely to get through link filters. An attacker can use it to lure users to malicious websites, leading to the theft of sensitive information, or chain the redirect into further attacks.
The "Bitrix Site Management Russia 2.0 - Open Redirect" module works by sending an HTTP request to the target website and checking the response. If the target answers with a redirect status code (301 or 302) and the Location header points to the external interact.sh host supplied in the request (checked with a regex pattern for the "interact.sh" domain), the module considers the vulnerability to be present. interact.sh here is only a canary destination; any attacker-controlled host would work in its place.
Here is the HTTP request sent by the module; the goto parameter of /bitrix/rk.php carries the redirect destination:
GET /bitrix/rk.php?goto=https://interact.sh
The module uses two matching conditions to confirm the presence of the vulnerability:
- The response header must contain a redirect location that matches the regex pattern for the "interact.sh" domain.
- The response status code must be either 302 or 301.
If both conditions are met, the module reports the presence of the open redirect vulnerability.
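The following is an added example that re-implements the two matcher conditions above in Python; it is not the Vidoc module's own code. The page does not reproduce the module's exact regex, so LOCATION_RE is an assumption modelled on its description, and it is deliberately stricter than a loose "contains interact.sh" pattern: a Location such as https://interact.sh.example.net/ is rejected. The sample responses are constructed, not captured from a real host, and the probe() helper (hypothetical, for live use only) is not exercised offline.

```python
"""Re-implementation of the Bitrix open-redirect check described above.

Added example, not the Vidoc module's code. LOCATION_RE is an assumption:
the page describes "a regex pattern for the interact.sh domain" but does
not show it.
"""
import http.client
import re
import sys
from urllib.parse import urlparse

# Probe path from the module: the goto parameter of /bitrix/rk.php.
PROBE_PATH = "/bitrix/rk.php?goto=https://interact.sh"

# Assumed pattern: an absolute or scheme-less URL whose host is interact.sh
# or a subdomain of it, followed only by an optional port, path, query or
# fragment. It does NOT match interact.sh.example.net or a relative path
# that merely contains the string "interact.sh" in its query.
LOCATION_RE = re.compile(
    r"^Location:\s*(?:https?:)?//(?:[A-Za-z0-9._@-]*\.)?interact\.sh"
    r"(?::\d+)?(?:[/?#].*)?\s*$",
    re.IGNORECASE | re.MULTILINE,
)
REDIRECT_CODES = {301, 302}


def parse_raw_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_code, header_block)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status_code = int(lines[0].split(" ", 2)[1])   # "HTTP/1.1 302 Found" -> 302
    return status_code, "\n".join(lines[1:])


def is_open_redirect(status_code: int, header_block: str) -> bool:
    """Both matcher conditions from the module, AND-ed together."""
    return status_code in REDIRECT_CODES and LOCATION_RE.search(header_block) is not None


def check_raw(raw: bytes) -> bool:
    """Run the check over a complete raw response."""
    status_code, header_block = parse_raw_response(raw)
    return is_open_redirect(status_code, header_block)


def probe(target_url: str, timeout: float = 10.0) -> bool:
    """Hypothetical live probe: send the request without following redirects.

    http.client never follows redirects itself, so the 3xx response and its
    Location header are seen directly. Not run offline.
    """
    u = urlparse(target_url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"Host": u.netloc, "User-Agent": "open-redirect-check"})
        resp = conn.getresponse()
        header_block = "\n".join(f"{name}: {value}" for name, value in resp.getheaders())
        return is_open_redirect(resp.status, header_block)
    finally:
        conn.close()


# Constructed sample responses (not captured from a real Bitrix host).
VULNERABLE = (b"HTTP/1.1 302 Found\r\nServer: nginx\r\n"
              b"Location: https://interact.sh\r\nContent-Length: 0\r\n\r\n")
SAFE_RELATIVE = b"HTTP/1.1 302 Found\r\nLocation: /?goto=https://interact.sh\r\n\r\n"  # stays on-site
SAFE_NO_REDIRECT = b"HTTP/1.1 200 OK\r\nLocation: https://interact.sh\r\n\r\n<html></html>"
LOOKALIKE = b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://interact.sh.example.net/\r\n\r\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("vulnerable" if probe(sys.argv[1]) else "not detected")
    else:
        for name, raw in [("vulnerable", VULNERABLE), ("safe_relative", SAFE_RELATIVE),
                          ("safe_no_redirect", SAFE_NO_REDIRECT), ("lookalike", LOOKALIKE)]:
            print(f"{name:17} -> {check_raw(raw)}")
```

Only the first sample trips the check: a relative Location keeps the user on the Bitrix host, a 200 response with a stray Location header is not a redirect, and a host that merely ends in the string interact.sh is not the canary. When confirming a real finding, replace the canary with a host you control and verify the hit in that host's logs rather than trusting the Location header alone.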