CVE-2021-22873

Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.

NVD
Severity: MEDIUM
CVE ID: CVE-2021-22873
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-22873

Refrence: Project Discovery GitHub

K3ysTr0K3R

A PoC exploit for CVE-2021-22873 - Revive Adserver Open Redirect Vulnerability.

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept