Sielox AnyWare Open Redirection via Host Header Vulnerability
Vulnerability Information
Vulnerability name: Sielox AnyWare Open Redirection via Host Header Vulnerability
Vulnerability ID:
- CVE: CVE-2024-34328
Vulnerability type: Server-Side Request Forgery
Severity: Medium
Description: Sielox AnyWare is software for security monitoring and access control, widely used in the physical security systems of enterprises and institutions. It lets users remotely manage door access systems and other security devices through a web interface, so it holds an important place in enterprise-grade security deployments.
This vulnerability is classified as Server-Side Request Forgery (SSRF); specifically, the application fails to properly validate the input of the Host header when generating absolute URLs for redirection. An attacker can craft a URL containing a malicious Host header and, after luring a user into clicking it, redirect the user to a malicious website under the attacker's control. The root cause is the application's lack of strict validation and filtering of user-supplied input.
An attacker who successfully exploits this vulnerability can redirect users to phishing sites, bypass security filters that rely on host validation, and abuse the trust relationship between users and the original application. The attack does not require user authentication and can be automated, which increases the potential security risk. An attacker could use this vulnerability for phishing, credential theft, or malware distribution, posing a serious security threat to users and enterprises.
Vendor: Sielox
Product: Sielox AnyWare
Affected versions: 2.1.2
Source: https://github.com/0xsu3ks/CVE-2024-34328
Type: CVE-2024:github search
Repository files
- README.md
- img1.png
- img2.png
Source overview
CVE-2024-34328 Open Redirection via Host Header
📝 Overview
Vulnerability Title: Open Redirection via Host Header
Product: Sielox AnyWare
Version Affected: 2.1.2
CVE ID: CVE-2024-34328
Severity: Medium
Attack Vector: Remote
Impact: Open Redirection / Phishing
🧨 Description
An attacker can craft a URL with a modified `Host` header that points to a malicious domain under their control. When users click the malicious link, they are redirected to the attacker's domain, potentially leading to phishing, credential theft, or malware delivery.
This vulnerability arises due to the application's improper validation of the `Host` header when generating absolute URLs during redirection.
🖼️ Proof of Concept (PoC)
🔗 Modified Host Header Attack
Below are two images demonstrating the exploit process:
Step 1: Malicious URL crafted using the Host header
Step 2: Victim is redirected to an attacker-controlled domain
🛡️ Mitigation
- Validate and sanitize the `Host` header server-side.
- Use a fixed host value for redirection logic.
- Implement allow-lists for trusted redirect domains.
- Avoid dynamic redirects based on untrusted user input.
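As an added example of the four mitigations above (this is not Sielox code nor the researcher's PoC), the Python below contrasts the flawed pattern the advisory describes, an absolute `Location` built from the request's `Host` header, with a hardened version: the incoming `Host` header is checked against an exact allow-list, the redirect URL is built from a fixed canonical host, and a user-supplied absolute target is accepted only when it is an https URL to an allow-listed host. The host names, the function names and the 443-only port policy are assumptions constructed for the example.

```python
"""Added example (not Sielox/AnyWare code): building redirect targets without
trusting the Host header. All host names below are constructed placeholders."""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed deployment configuration (placeholders, not values from the advisory).
CANONICAL_HOST = "anyware.example.internal"                         # fixed host for redirects
TRUSTED_HOSTS = {CANONICAL_HOST}                                     # Host headers we serve
ALLOWED_REDIRECT_HOSTS = {CANONICAL_HOST, "sso.example.internal"}    # absolute targets allowed


def vulnerable_location(host_header: str, path: str) -> str:
    """The flawed pattern the advisory describes: the absolute URL placed in
    the Location header is derived from the attacker-controllable Host header."""
    return f"https://{host_header}{path}"


def host_header_is_trusted(host_header: Optional[str]) -> bool:
    """Mitigation 1: validate the Host header server-side.
    The header is parsed as a URL authority so that userinfo, ports and
    trailing junk are interpreted exactly as a URL parser would, then the
    hostname is compared against an exact allow-list."""
    if not host_header:
        return False
    try:
        authority = urlsplit("//" + host_header)
        hostname, port = authority.hostname, authority.port
    except ValueError:                      # malformed host or non-numeric port
        return False
    if (hostname is None or authority.username is not None
            or authority.path or authority.query or authority.fragment):
        return False                        # rejects "user@host", "host/x", "host?x"
    return hostname in TRUSTED_HOSTS and port in (None, 443)


def safe_location(path: str) -> str:
    """Mitigations 2 and 4: the redirect host is a fixed constant, never taken
    from the request. Only a same-site relative path is accepted; anything
    carrying its own scheme or authority (https://..., //host, /\\host)
    collapses to the application root."""
    parts = urlsplit(path)
    if (parts.scheme or parts.netloc
            or not parts.path.startswith("/") or parts.path.startswith("/\\")):
        parts = urlsplit("/")
    return urlunsplit(("https", CANONICAL_HOST, parts.path, parts.query, ""))


def resolve_redirect_target(target: str) -> str:
    """Mitigation 3: allow-list check for a user-supplied redirect target
    (for example a 'next' parameter). Relative targets are rebuilt on the
    canonical host; absolute targets must be https, carry no userinfo and
    point at an allow-listed host, otherwise we fall back to the root."""
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        return safe_location(target)
    if (parts.scheme != "https" or parts.username is not None
            or parts.hostname not in ALLOWED_REDIRECT_HOSTS):
        return safe_location("/")
    return target


if __name__ == "__main__":
    # Constructed request: attacker-supplied Host header with a legitimate path.
    evil_host, path = "attacker.example", "/login"
    print("vulnerable Location:", vulnerable_location(evil_host, path))
    print("Host header trusted:", host_header_is_trusted(evil_host))
    print("hardened Location:  ", safe_location(path))
```

The two checks are deliberately exact-match rather than suffix-match: a test like `hostname.endswith("example.internal")` would also accept `attackerexample.internal`, and a substring test would accept `anyware.example.internal.attacker.example`, which is the class of bypass that "security filters that rely on host validation" tend to fall to.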
🔒 Impact
Successful exploitation may allow attackers to:
- Redirect users to phishing sites
- Bypass security filters that rely on host validation
- Abuse trust relationships between users and the original application
👨‍💻 Author
Security Researcher – Kevin Suckiel // 0xsu3ks
⚠️ Legal Note
This research is for educational purposes and responsible disclosure. The author is not liable for any misuse of this information.