The application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks.
```ruby
# Log off
def destroy
  remove_session
  # do we want to redirect externally?
  # Note: only an absolute URL containing "://" is inspected below; a
  # scheme-relative value such as "//host" skips this block entirely.
  path = params.permit(:continue)[:continue] || '/'
  if path.include?("://")
    authority = current_authority
    uri = Addressable::URI.parse(path)
    if uri.domain == authority.domain
      # same authority: keep only the local part of the URL
      path = "#{uri.request_uri}#{uri.fragment ? "##{uri.fragment}" : nil}"
    else
      # foreign authority: fall back to the configured logout URL
      path = authority.logout_url
      if path.include?("continue=")
        path = URI.decode_www_form_component(path.split("continue=", 2)[-1])
      end
    end
  end
  redirect_to path
end
```
Payload: https:///auth/logout?continue=//<external_domain>
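To make the bypass concrete, here is an added, stand-alone example (not code from the issue or the project) that re-implements the `://` check from the reported `destroy` action in plain Ruby and contrasts it with a hardened version. It uses the standard-library `URI` parser instead of `Addressable` so it runs without gems, stands in `APP_HOST` (`accounts.example`, a placeholder) for `current_authority.domain`, and collapses the `authority.logout_url` fallback to `"/"`; those simplifications are assumptions, not the project's behaviour. The hardened `safe_continue` accepts only a rooted relative path or an http(s) URL on the app's own host, rejecting scheme-relative `//host` values, backslash variants that browsers normalise to `//`, and non-http schemes.

```ruby
require "uri"

# Constructed placeholder for the app's own host (assumption, not the
# project's configuration).
APP_HOST = "accounts.example".freeze

# Reduce a parsed URL to its local part: path, query and fragment only.
def local_part(uri)
  local = uri.path.to_s.empty? ? "/" : uri.path
  local += "?#{uri.query}" if uri.query
  local += "##{uri.fragment}" if uri.fragment
  local
end

# Mirrors the reported check: only values containing "://" are inspected,
# so "//evil.example" is treated as a relative path and redirected to as-is.
# The foreign-host branch is simplified to "/" (the original used
# authority.logout_url).
def vulnerable_continue(param)
  path = param.to_s.empty? ? "/" : param.to_s
  if path.include?("://")
    uri = URI.parse(path)
    return "/" unless uri.host == APP_HOST
    path = local_part(uri)
  end
  path
end

# Hardened variant: allow-list instead of substring check.
def safe_continue(param, app_host: APP_HOST)
  raw = param.to_s
  return "/" if raw.empty?
  # Browsers treat "/\evil" like "//evil"; reject backslashes outright.
  return "/" if raw.include?("\\")
  uri = URI.parse(raw)
  if uri.scheme.nil? && uri.host.nil?
    # A purely relative reference; require it to be rooted at "/".
    # "//evil.example" never reaches here because it parses with a host.
    return raw.start_with?("/") ? raw : "/"
  end
  # Absolute URL: only http(s) on our own host, and keep just the local part.
  return "/" unless %w[http https].include?(uri.scheme) && uri.host == app_host
  local_part(uri)
rescue URI::InvalidURIError
  "/"
end
```

Running `vulnerable_continue("//evil.example")` returns the attacker's host unchanged, which is the payload from the report; `safe_continue` returns `"/"` for the same input while still preserving legitimate local targets such as `/account?tab=1#x`.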