By kannthu
This module detects an open redirect vulnerability in Otobo. The severity of this vulnerability is classified as medium.
Original author: 0x_Akoko
An open redirect vulnerability allows an attacker to redirect users to malicious websites, potentially leading to phishing attacks or the installation of malware.
The module sends an HTTP GET request to the "/otobo/index.pl?Action=ExternalURLJump;URL=http://www.interact.sh" path. It then checks the response header for a regex match using the following pattern:
(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\\\)(?:[a-zA-Z0-9\\-_.@]*)interact\\.sh\/?(\/|[^.].*)?$
If the regex match is found, the module reports a vulnerability.
Note: This module is designed to detect the presence of an open redirect vulnerability and does not attempt to exploit it.
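The response check described above can also be done by parsing the Location header and comparing the host it points to. The following is an added example, not the module's own code: the function names and the sample header blocks are constructed for illustration, and it compares the parsed host instead of reusing the module's regex.

```python
import re
from urllib.parse import urlsplit

CANARY = "interact.sh"  # probe host used in the request path on this page


def location_values(raw_headers):
    """Yield every Location header value from a raw response header block."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            yield value.strip()


def redirect_host(location):
    """Return the host a browser would navigate to, or None for a same-site path."""
    # Browsers treat "\" like "/" in http(s) URLs, so "/\host" acts like "//host".
    normalized = location.replace("\\", "/")
    if not re.match(r"(?i)(https?:)?//", normalized):
        return None  # relative path: the redirect stays on the responding site
    if normalized.startswith("//"):
        normalized = "http:" + normalized  # scheme-relative: add a scheme to parse
    return urlsplit(normalized).hostname  # lower-cased, userinfo and port removed


def is_open_redirect(raw_headers, canary=CANARY):
    """True if any Location header points at the canary host or a subdomain of it."""
    for value in location_values(raw_headers):
        host = redirect_host(value)
        if host and (host == canary or host.endswith("." + canary)):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    samples = {
        "absolute URL": "HTTP/1.1 302 Found\r\nLocation: http://www.interact.sh\r\n",
        "backslash form": "HTTP/1.1 302 Found\r\nLocation: /\\interact.sh/\r\n",
        "same-site path": "HTTP/1.1 302 Found\r\nLocation: /otobo/index.pl\r\n",
        "lookalike host": "HTTP/1.1 302 Found\r\nLocation: https://interact.sh.example.org/\r\n",
    }
    for label, headers in samples.items():
        print(f"{label}: {is_open_redirect(headers)}")
```

Comparing the parsed host means a lookalike such as `interact.sh.example.org` or a canary name placed in the userinfo part of the URL is not reported as a hit.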