CVE-2008-2052
Published 2008-05-02
Priority P2 · 64 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.57% (72.3rd percentile)
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitrix24 | bitrix_site_manager | — | — |
Detection & IOCs (extracted from sources)
yara
regex: '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
- Look for HTTP 301/302 redirect responses from /bitrix/redirect.php or /bitrix/rk.php where the Location header points to an external domain supplied via the 'goto' parameter.
- Monitor GET requests to /bitrix/redirect.php and /bitrix/rk.php containing a 'goto' parameter with an external URL, including URL-encoded bypass variants such as %252F to evade allowlist checks.
- Shodan fingerprint for exposed Bitrix instances: search for html:"/bitrix/" to identify potentially vulnerable targets.
- The Nuclei template uses 'stop-at-first-match: true' across 14 payload paths, meaning only the first successful redirect response is flagged; scanners should iterate all paths independently to avoid false negatives.
- The vulnerability affects redirect.php in Bitrix Site Manager 6.5 per NVD, but the Nuclei template targets version 2.x paths; coverage may differ across product versions.
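The log check described in the bullets above, as an added example that is not taken from the page's sources: it scans access-log lines for requests to the two redirect endpoints and reports `goto` targets that resolve off-site after repeated percent-decoding. The log lines, the `shop.example` allowlist and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

REDIRECT_PATHS = {"/bitrix/redirect.php", "/bitrix/rk.php"}  # paths named on this page
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so %252F -> %2F -> / is not missed."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def external_host(goto, own_hosts):
    """Return the off-site host a goto value points to, or None if it stays local."""
    target = fully_decode(goto).strip().replace("\\", "/")
    if target.startswith("//"):            # scheme-relative URL
        target = "http:" + target
    try:
        parts = urlsplit(target)
    except ValueError:                     # malformed authority: surface it for review
        return "<unparseable>"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                        # relative path, stays on this site
    host = parts.hostname.lower()
    return None if host in own_hosts else host

def flag_redirects(log_lines, own_hosts):
    """Return (status, host, request) for goto redirects that leave own_hosts."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or url.path.lower() not in REDIRECT_PATHS:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            host = external_host(value, own_hosts) if key.lower() == "goto" else None
            if host:
                hits.append((int(m.group(2)), host, m.group(1)))
    return hits

SAMPLE_LOG = [  # constructed access-log lines (documentation IPs, .example hosts)
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /bitrix/redirect.php?goto=/catalog/ HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /bitrix/redirect.php?event1=a&goto=https%3A%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2025:10:01:00 +0000] "GET /bitrix/rk.php?goto=%252F%252Foffsite.example%252Fx HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2025:10:01:09 +0000] "GET /bitrix/rk.php?goto=https://shop.example/cart HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2025:10:02:00 +0000] "GET /index.php?goto=https://other.example/ HTTP/1.1" 200 512',
]
```

Calling `flag_redirects(SAMPLE_LOG, {"shop.example"})` returns the two off-site redirects and leaves the on-site and non-Bitrix requests alone; the returned status lets an analyst keep only 301/302 responses.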
CVSS provenance
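| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | | 6.1 | MEDIUM | |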
GHSA
GHSA-x937-7247-33m3: Open redirect vulnerability in redirect
ghsa_unreviewed·2022-05-01
CVE-2008-2052 [MEDIUM] CWE-59
VulnCheck
bitrix24 bitrix_site_manager URL Redirection to Untrusted Site ('Open Redirect')
vulncheck·2008·CVSS 6.1
CVE-2008-2052 [MEDIUM]
Affected: bitrix24 bitrix_site_manager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip
No detection rules found.
Nuclei
Bitrix Site Management 2.x - Open Redirect
nuclei·CVSS 6.1
CVE-2008-2052 [MEDIUM]
Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters.
Template:
```yaml
id: CVE-2008-2052
info:
  name: Bitrix Site Management 2.x - Open Redirect
  author: pikpikcu,gtrrnr,liangtovi-debug
  severity: medium
  description: |
    Bitrix Site Management 2.x contains an open redirect vulnerability allowing attackers to redirect users to arbitrary external sites via crafted redirect parameters.
  impact: |
    Successful exploitation can facilitate phishing and token theft by redirecting users to attacker-controlled destinations.
  remediation: |
    Upgrade Bitrix to a patched version and validate redirect targets against an allowlist.
  reference:
    - https://packetstorms
```
No writeups or analysis indexed.