https://github.com/mbadanoiu/cve-2021-46366
CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS
- Host: GitHub
- URL: https://github.com/mbadanoiu/cve-2021-46366
- Owner: mbadanoiu
- Created: 2024-02-13T21:09:53.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-02-13T21:20:48.000Z (about 1 year ago)
- Last Synced: 2025-01-12T09:29:30.343Z (3 months ago)
- Topics: 0-day, csrf, cve, cve-2021-46366, cves, open-redirect
- Homepage:
- Size: 268 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS
An issue in the login page of Magnolia CMS v6.2.3 and below allows attackers to chain an Open Redirect vulnerability with Cross-Site Request Forgery (CSRF) in order to brute-force and exfiltrate users' credentials.
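The two weaknesses named above are independent bugs that only become a credential-harvesting primitive when combined: a login form that any site can submit (no CSRF token) and a post-login redirect target that is not restricted to the application's own origin. The block below is an added hardening illustration written for this page, not Magnolia CMS code and not the repository's proof of concept; the parameter names (`returnTo`, `csrf_token`), the hostname `cms.example.org` and the user table are assumptions. It validates the redirect target against the bypasses an open-redirect check usually misses (scheme-relative `//host`, backslash variants, userinfo tricks, non-HTTP schemes) and rejects any login POST that does not carry the session's CSRF token before credentials are even looked at.

```python
"""Generic hardening for an open-redirect + CSRF chain on a login form.

Illustrative code for this page; not Magnolia CMS code. The parameter names
("returnTo", "csrf_token"), the hostname and the user table are assumptions.
"""
import hmac
import secrets
from hashlib import sha256
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"cms.example.org"}  # assumed deployment hostname

# Constructed sample user table (username -> sha256(password)). Real code
# uses a salted, slow password hash; this only makes the example runnable.
USERS = {"editor": sha256(b"correct horse").hexdigest()}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Allow only same-site relative paths or absolute URLs to an allowed host."""
    # Control characters (tab, newline, NUL) are stripped by browsers before
    # parsing, so "/\t/evil" would become "//evil"; reject them outright.
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    # Browsers treat "\" like "/" in the authority, so "/\evil.example"
    # navigates off-site; normalise before parsing.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: exactly one leading "/" keeps it on this origin
        # ("//host" and "///host" are scheme-relative and leave the site).
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    # "https://cms.example.org@evil.example/" parses the real host as
    # evil.example with cms.example.org as userinfo; refuse any userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    return (parts.hostname or "").lower() in allowed_hosts


def issue_csrf_token(session):
    """Bind a fresh random token to the session and return it for the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session, submitted):
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def check_credentials(username, password):
    digest = sha256(password.encode()).hexdigest()
    # Compare against a dummy digest for unknown users so timing does not
    # reveal which usernames exist.
    expected = USERS.get(username, "0" * 64)
    return hmac.compare_digest(expected, digest) and username in USERS


def handle_login(session, form):
    """Return ("redirect", url) on success or ("error", reason) otherwise.

    Order matters: the CSRF check runs first, so a cross-site POST cannot
    drive the login form at all, and the redirect target is validated so a
    third-party page never receives the outcome of a login attempt.
    """
    if not verify_csrf_token(session, form.get("csrf_token")):
        return ("error", "csrf")
    if not check_credentials(form.get("username", ""), form.get("password", "")):
        return ("error", "bad_credentials")
    dest = form.get("returnTo", "/")
    return ("redirect", dest if is_safe_redirect(dest) else "/")
```

Validating the redirect target alone would stop the exfiltration channel but still leave the form submittable cross-site; the CSRF token alone would stop cross-site submission but still let a phishing link bounce users to an attacker's host after a successful login. Both checks are needed to close the chain described above.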
### Vendor Disclosure:
The vendor's security advisory and the fixed release (Magnolia CMS 6.2.4) can be found [here](https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#_security_advisory).
### Requirements:
This vulnerability requires:
- Convincing a user to access the malicious CSRF HTML page

### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2021-46366/blob/main/Magnolia%20CMS%20-%20CVE-2021-46366.pdf).