CVEs-PoC/2017/CVE-2017-5871.md

### [CVE-2017-5871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5871)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).

### POC

#### Reference
- https://sysdream.com/news/lab/2017-11-20-cve-2017-5871-odoo-url-redirection-to-distrusted-site-open-redirect/

#### Github
- https://github.com/1337rokudenashi/CVE-2017-5871
- https://github.com/1337rokudenashi/Odoo-leq-8.0-20160726-and-9.0-Open-Redirect
- https://github.com/20142995/nuclei-templates
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/cyb3r-w0lf/nuclei-template-collection