CVE-2021-22873

MEDIUM EXPLOITED NUCLEI

Revive Adserver <5.1.0 - Open Redirect

Title source: llm

Exploitation Summary

CVE-2021-22873 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including K3ysTr0K3R. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional bash script that demonstrates an open redirect vulnerability in Revive Adserver by sending a crafted request to the vulnerable endpoint and extracting the redirect location. The README provides technical details about the vulnerability, including affected parameters and steps to reproduce.

Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.

Exploits (1)

nomisec WORKING POC 1 stars

by K3ysTr0K3R · client-side

https://github.com/K3ysTr0K3R/CVE-2021-22873-EXPLOIT

View Code ZIP pw:eip

The repository contains a functional bash script that demonstrates an open redirect vulnerability in Revive Adserver by sending a crafted request to the vulnerable endpoint and extracting the redirect location. The README provides technical details about the vulnerability, including affected parameters and steps to reproduce.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Revive Adserver before 5.1.0

No auth needed

Prerequisites: Target running Revive Adserver version before 5.1.0 · Network access to the target server

MITRE ATT&CK

T1505 - Server Software Component T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Revive Adserver <5.1.0 - Open Redirect

MEDIUMVERIFIEDby pudsec

Shodan: http.favicon.hash:106844876 || http.title:"revive adserver"

FOFA: icon_hash=106844876 || title="revive adserver"

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_misc

https://hackerone.com/reports/1081406

Vendor Advisory x_refsource_misc

https://www.revive-adserver.com/security/revive-sa-2021-001/

Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/revive-adserver/revive-adserver/issues/1068

Broken Link, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Jan/60

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html

Scores

CVSS v3 6.1

EPSS 0.6601

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-11-20

CWE

CWE-601

Status published

Products (1)

revive-adserver/revive_adserver < 5.1.0

Published Jan 26, 2021

Tracked Since Feb 18, 2026