Description
A security vulnerability has been identified in the registration success functionality. This vulnerability could allow attackers to inject malicious content into the registration success page, potentially leading to phishing attacks or malware downloads.
Here's how it works:
The registration success page relies on information within the URL to dynamically render its content. Specifically, it uses parameters like "next" and "email" to personalize the message. However, if these parameters aren't properly sanitized before being displayed, attackers can exploit this weakness.
An attacker can craft a malicious URL that includes the "next" and "email" parameters containing deceptive text and a link to a harmful website. Here's an example:
Here, the attacker is trying to inject a phishing link disguised as a congratulatory message about winning a gift card. This could trick a user into clicking the malicious link in the "email" parameter, potentially leading to a malware download from the link.
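One way to close the injection described in this issue, shown as an added example that is not the project's own code: validate "email" against a strict address pattern, restrict "next" to same-origin paths, and HTML-escape whatever is rendered. The origin `https://app.example.test` and the function names are assumptions made for illustration.

```javascript
// Added example; APP_ORIGIN and all function names are hypothetical.
const APP_ORIGIN = "https://app.example.test";

// Strict shape: a single address with no whitespace, markup or URL characters.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Accept only a path on this application; anything else falls back to "/".
function safeNext(raw) {
  if (typeof raw !== "string" || !raw.startsWith("/") ||
      raw.startsWith("//") || raw.includes("\\")) {
    return "/";
  }
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return "/";
  }
  // Re-check after parsing: the URL parser strips tabs and newlines, so
  // "/\t/host" resolves as the protocol-relative "//host".
  return url.origin === APP_ORIGIN ? url.pathname + url.search : "/";
}

// Return the address if it looks like one, otherwise null.
function safeEmail(raw) {
  return typeof raw === "string" && raw.length <= 254 && EMAIL_RE.test(raw) ? raw : null;
}

// Build the success fragment from the raw query string.
function renderSuccess(query) {
  const params = new URLSearchParams(query);
  const email = safeEmail(params.get("email"));
  const next = safeNext(params.get("next"));
  // Free text in "email" is never echoed; a fixed message is shown instead.
  const message = email
    ? `A confirmation link was sent to ${escapeHtml(email)}.`
    : "A confirmation link was sent to your email address.";
  return { next, html: `<p>${message}</p><a href="${escapeHtml(next)}">Continue</a>` };
}
```

A stricter design takes the address from the server-side registration record rather than from the URL, so the page displays nothing an outside party can choose.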