Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Odoo CMS - Open Redirect

By kannthu

Medium
Vidoc logoVidoc Module
#odoo#redirect
Description

Odoo CMS - Open Redirect

What is the "Odoo CMS - Open Redirect?"

The "Odoo CMS - Open Redirect" module is designed to detect an open redirect vulnerability in the Odoo CMS software. This vulnerability allows an attacker to redirect a user to a malicious site, potentially leading to the disclosure of sensitive information, data modification, or remote code execution. The severity of this vulnerability is classified as medium.

This module was authored by 0x_Akoko.

Impact

An open redirect vulnerability in Odoo CMS can have serious consequences. By exploiting this vulnerability, an attacker can trick users into visiting malicious websites, leading to potential data breaches, unauthorized access, and other security risks.

How does the module work?

The "Odoo CMS - Open Redirect" module works by sending HTTP requests to the target Odoo CMS instance and checking for specific conditions that indicate the presence of an open redirect vulnerability.

One example of an HTTP request template used by this module is:

GET /website/lang/en_US?r=https://interact.sh/

This request attempts to access the "/website/lang/en_US" path with a query parameter "r" set to "https://interact.sh/".

The module then applies matching conditions to the response received from the target. In this case, it uses a regular expression matcher to check if the "Location" header contains a URL that matches the pattern "(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$". If a match is found, the module identifies the presence of an open redirect vulnerability.

By leveraging the capabilities of the Vidoc platform, this module helps security professionals identify and mitigate the open redirect vulnerability in Odoo CMS instances.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/website/lang/en_US?...
Matching conditions
regex: (?m)^(?:Location\s*?:\s*?)(?:https?://|/...
Passive global matcher
No matching conditions.
On match action
Report vulnerability