Bugtraq mailing list archives
CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0
From: RedTeam Pentesting GmbH <release () redteam-pentesting de>
Date: Mon, 12 Jan 2015 15:10:09 +0100
The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by specifying the target URL in the URL parameter board_url in URLs like the following: http://www.example.com/mobiquo/smartbanner/welcome.php?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof, Jens Liebchen
Attachment:
_bin
Description:
Current thread:
- CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting GmbH (Jan 12)