Open redirect on the login page. #229

Open
showell-nic opened this Issue Oct 7, 2012 · 0 comments

The location redirect on the login page doesn't check whether the redirect is local and will send the user to any URL.
An example of the redirect is http://www.4clojure.com/login?location=http%3A%2F%2Fwww.google.com

To see more information about this vulnerability see the OWASP Top 10: https://www.owasp.org/index.php/Top_10_2010-A10

@showell-nic showell-nic closed this Oct 7, 2012
@showell-nic showell-nic reopened this Oct 7, 2012
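
The check the report asks for, sketched as an added example; it is not code from the 4clojure repository. The namespace and the functions `local-path?` and `safe-location` are hypothetical names, the fallback of `"/"` is an assumption, and the `location` value is assumed to arrive already URL-decoded by the web framework. The sample inputs at the bottom are constructed.

```clojure
(ns example.safe-redirect            ; hypothetical namespace
  (:require [clojure.string :as str])
  (:import (java.net URI URISyntaxException)))

(defn local-path?
  "True only when `location` is a path on this site, e.g. \"/problems\".
  Anything carrying a scheme or a host is treated as external."
  [location]
  (boolean
    (and (string? location)
         ;; Must be a rooted path: rejects \"http://...\" and bare hosts.
         (str/starts-with? location "/")
         ;; \"//host\" is a scheme-relative URL that browsers follow off-site.
         (not (str/starts-with? location "//"))
         ;; Some browsers normalise \"\\\" to \"/\"; control characters
         ;; (CR, LF, tab) have no place in a redirect target.
         (not (re-find #"[\\\p{Cntrl}]" location))
         ;; Parse strictly: no scheme and no authority may be present.
         (try
           (let [uri (URI. location)]
             (and (nil? (.getScheme uri))
                  (nil? (.getRawAuthority uri))))
           (catch URISyntaxException _ false)))))

(defn safe-location
  "Returns `location` when it is a local path, otherwise the site root."
  [location]
  (if (local-path? location) location "/"))

;; Constructed sample inputs: the decoded value from the report's URL,
;; common look-alike forms, and two legitimate local targets.
(doseq [loc ["http://www.google.com"
             "//www.google.com"
             "/\\www.google.com"
             "javascript:alert(1)"
             "/problems"
             "/problem/1?lang=clj"
             nil]]
  (println (pr-str loc) "->" (safe-location loc)))
```

The login handler would pass the `location` parameter through `safe-location` before building the redirect response, so an unexpected value sends the user to the site root instead of an external URL.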