Open Redirect to Reflected XSS - Open-AudIT Professional 2.1

Hi All,

Recently, in one of my pentest research efforts, I found Open-AudIT Professional 2.1.

Open-AudIT is a network auditing application. It is based on the scripting languages of PHP, Bash and VBScript. Open-AudIT can tell what is on your network, how it is configured and if there have been any changes.

Curious to explore its functionalities, I downloaded it and set it up on my local system.

After installing, the first thing I noticed was `redirect_url=`

For me, getting an open URL redirect is my cup of tea.

  • Title of the Vulnerability: Open URL Redirect and Reflected Cross-site Scripting (XSS)
  • Vulnerability Class: Security Misconfiguration and Cross-site Scripting (XSS)
  • Technical Details & Description: The application's source code accepts untrusted input that can cause the web application to redirect the request to a URL contained within that untrusted input. By modifying the untrusted URL input to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
  • CVE ID allocated:
  1. Open Redirect :- CVE-2018-8937
  2. Reflected XSS :- CVE-2018-8978
  • Product & Service Introduction: Open-AudIT Professional 2.1
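
A server-side check for the `redirect_url` behaviour described above, written in Python as an added example (it is not code from Open-AudIT or from the original post): the value is honoured only when it is a local path or points at an allow-listed host, and anything else falls back to a default. The function name, the allow-listed host and the default target are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: hosts this deployment may redirect to, besides local paths.
ALLOWED_HOSTS = {"audit.example.internal"}
DEFAULT_TARGET = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `value` if it is a safe post-login target, else `default`.

    `value` is the redirect_url query parameter after the framework has
    URL-decoded it once.
    """
    if not value:
        return default
    # Whitespace, control characters and backslashes are rejected outright:
    # browsers strip or normalise them ("/\host" behaves like "//host"),
    # so the server-side parser and the browser can disagree about the host.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in value) or "\\" in value:
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    # Anything with a scheme or authority: http(s) only, no userinfo,
    # and the host must match the allow-list exactly.
    if parts.scheme not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default
    if parts.hostname in allowed_hosts:
        return value
    return default
```

Matching the host exactly against the allow-list, instead of with a prefix or substring test, is what stops look-alike hosts that merely contain the trusted name.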

POC :- 

Vulnerable URL :- 

Let's move ahead one more step.

Now, in most cases when you find an open URL redirection, the chance of also having XSS is almost 99%.

1st Try for Reflected XSS 

Base 64 Encode


URL Encode


But hey, this is not XSS.

2nd Try for Reflected XSS 

XSS via a crafted src attribute of an IMG element within a URI.

Vulnerable URL :-

Video POC for Reflected XSS

How this worked :-
