Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability

Bugtraq ID:	51260
Class:	Input Validation Error
CVE:	CVE-2011-5252
Remote:	Yes
Local:	No
Published:	Jan 04 2012 12:00AM
Updated:	Jan 16 2013 06:00PM
Credit:	Mesut Timur
Vulnerable:	Orchard Orchard 1.3.9
Not Vulnerable:	Orchard Orchard 1.3.10

Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability

Orchard is prone to a URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible.

Orchard 1.3.9 is vulnerable; other versions may be affected.

Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

The following example URI is available:

http://www.example.com/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fwww.netsparker.com%3f

Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability

Solution:
Updates are available. Please see the references for more information.

Orchard 'ReturnUrl' Parameter URI Redirection Vulnerability

References:

• Open Redirection Vulnerability in Orchard (Netsparker)
  
• Orchard Homepage (Orchard)
  
• Update available (Orchard)