Last active
January 2, 2024 02:29
-
-
Save xue-yao-go/87d088fa3f423bba8098ef22988e4626 to your computer and use it in GitHub Desktop.
zentao ≤ 4.1.3[CVE-2023-49394] is vulnerable URL redirect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zentao ≤ 4.1.3 is vulnerable URL redirect | |
Discoverer:hh | |
# Introduction to zentao | |
Product official website:https://www.zentao.net/ | |
The zentao Enterprise Edition has expanded horizontally based on the project management process on the basis of the open source version, adding functions such as operation and maintenance management, feedback management, and OA office management to meet the online collaboration needs of more roles, forming a closed-loop management system. | |
The Enterprise Edition is more adaptable to the personalized needs of enterprises, adding functions such as custom workflows, custom large screens, custom pivot tables, custom charts, and AI prompt designers, providing more comprehensive support for enterprise project management. | |
In terms of service, the Enterprise Edition can provide one-on-one customer successful services such as user training, technical support, and review guidance to ensure the implementation of the system. | |
# Vulnerability Description | |
Zentao <=4.1.3 has a URL redirect vulnerability, which prevents the system from functioning properly | |
# Recurrence of vulnerabilities | |
Background→integration→ ZDOO→ interface address function in zentao | |
Fill in http://127.0.0.1/sys/sso-check.html,Click to save | |
![zdoo2](https://gist.github.com/assets/62127533/6badea67-7de4-47a2-b741-95ed28b1ce58) | |
After refreshing, it will be found that the system automatically redirects to the 127.0.0.1 website, and whether you re-enter the login page or other pages, it will instantly redirect to 127.0.0.1, causing the Zentao function to be completely unusable. | |
The screenshot of the jump is as follows: | |
![zdoo3](https://gist.github.com/assets/62127533/e72312e5-1042-404a-96ab-45479a0d75be) | |
# payload | |
Background→integration→ ZDOO→ interface address function in zentao | |
Fill in http://127.0.0.1/sys/sso-check.html,Click to save |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
zentao ≤ 4.1.3 is vulnerable URL redirect
Discoverer:hh
Introduction to zentao
Product official website:https://www.zentao.net/
The zentao Enterprise Edition has expanded horizontally based on the project management process on the basis of the open source version, adding functions such as operation and maintenance management, feedback management, and OA office management to meet the online collaboration needs of more roles, forming a closed-loop management system.
The Enterprise Edition is more adaptable to the personalized needs of enterprises, adding functions such as custom workflows, custom large screens, custom pivot tables, custom charts, and AI prompt designers, providing more comprehensive support for enterprise project management.
In terms of service, the Enterprise Edition can provide one-on-one customer successful services such as user training, technical support, and review guidance to ensure the implementation of the system.
Vulnerability Description
Zentao <=4.1.3 has a URL redirect vulnerability, which prevents the system from functioning properly
Recurrence of vulnerabilities
Background→integration→ ZDOO→ interface address function in zentao
Fill in http://127.0.0.1/sys/sso-check.html,Click to save
After refreshing, it will be found that the system automatically redirects to the 127.0.0.1 website, and whether you re-enter the login page or other pages, it will instantly redirect to 127.0.0.1, causing the Zentao function to be completely unusable.
The screenshot of the jump is as follows:
payload
Background→integration→ ZDOO→ interface address function in zentao
Fill in http://127.0.0.1/sys/sso-check.html,Click to save