
URL Redirect vulnerability #619

Closed
SeagullGR opened this issue Apr 26, 2018 · 1 comment

@SeagullGR commented Apr 26, 2018

Hi, man. I found a URL Redirect vulnerability in the user login page.

First, my test environment

OS : Windows 10
Browser : FireFox
Date : 2018.04.26 15:26 PM

Second, vulnerability details

I built a program with symphony.

Location : /login?goto=

Exploit Method :

  1. Click a link : /login?goto=https://www.sina.cn/
  2. Login website
  3. Input username and password, then login.
  4. The page will go to sina.cn

Third, others

This vulnerability can be used to defraud users in phishing attacks.
Vulnerability Reporter : Seagull

@88250 self-assigned this Apr 26, 2018

@88250 added the bug label Apr 26, 2018

@88250 added this to the 2.7.0 milestone Apr 26, 2018

@88250 (Member) commented Apr 26, 2018

It will be fixed in the next release of the community edition, thank you!

@88250 closed this in 8020cff Apr 26, 2018
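
One way to validate the `goto` parameter from the report before redirecting after login, as an added example; it is not the project's code or the change in 8020cff, which this page does not show. `SITE_ORIGIN`, `safeGoto` and the `forum.example.test` and `other.example` hosts are assumptions, and the check goes beyond the reported absolute URL to cover other forms a browser resolves to a different host.

```javascript
// Added example: same-origin validation of a post-login redirect target.
// SITE_ORIGIN, safeGoto and forum.example.test are hypothetical names.
const SITE_ORIGIN = "https://forum.example.test"; // constructed site origin

// Returns an absolute same-origin URL to redirect to, or the fallback.
function safeGoto(rawGoto, fallback = SITE_ORIGIN + "/") {
  if (typeof rawGoto !== "string" || rawGoto.length === 0) return fallback;

  // Browsers drop tabs/newlines and treat "\" like "/" in http(s) URLs,
  // so refuse both instead of guessing how a given client will read them.
  if (/[\u0000-\u001f\u007f\\]/.test(rawGoto)) return fallback;

  let url;
  try {
    // Resolve exactly as a browser would: relative paths stay on the site,
    // while "https://other/" and "//other/" replace the host.
    url = new URL(rawGoto, SITE_ORIGIN);
  } catch {
    return fallback;
  }

  // Compare the parsed origin (scheme + host + port), never a string prefix.
  if (url.origin !== SITE_ORIGIN) return fallback;
  if (url.username !== "" || url.password !== "") return fallback;

  // Return the normalized absolute URL. Returning only url.pathname would
  // be unsafe: a path such as "//host/" is protocol-relative in Location.
  return url.href;
}

// Constructed inputs; the first is the value from the report above.
const samples = [
  "https://www.sina.cn/",
  "//www.sina.cn/",
  "https://forum.example.test.other.example/",
  "/member/settings?tab=1",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeGoto(s));
}
```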
