Skip to content
/ CVE-2023-0748 Public

BTCPayServer version 1.7.5 and below is vulnerable for Open Redirection attack.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gonzxph/CVE-2023-0748

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2023-0748

BTCPayServer 1.7.5 and lower version is vulnerable for Open Redirection attack.

Step to Reproduce

  1. Login your account on

https://mainnet.demo.btcpayserver.org/login

  1. Then Click the link below

https://mainnet.demo.btcpayserver.org/recovery-seed-backup?cryptoCode=BTC&mnemonic=above&passphrase=&isStored=false&requireConfirm=true&returnUrl=//evil.com

  1. Check the I have written down my recovery phrase and stored it in a secure location

  2. Then click Done

You will be redirected to evil.com



Credits

• Jefferson Gonzales (Gonz)
• Link: https://twitter.com/gonzxph

About

BTCPayServer version 1.7.5 and below is vulnerable for Open Redirection attack.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages