CVE-2008-5742 Information
Description
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an \HTTP Response Splitting\ section in the original disclosure.
Reference
http://securityreason.com/securityalert/4819
http://www.securityfocus.com/bid/32992
https://www.exploit-db.com/exploits/7560
Multiple
open
redirect
vulnerabilities
in
AIST
NetCat
3.12
and
earlier
allow
remote
attackers
to
redirect
users
to
arbitrary
web
sites
and
conduct
phishing
attacks
via
(1)
the
redirect
parameter
in
a
logoff
action
to
modules/auth/index.php
or
(2)
the
url
parameter
to
modules/linkmanager/redirect.php.
NOTE:
this
was
reported
within
an
\HTTP
Response
Splitting
section
in
the
original
disclosure.