Description
Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.
The vulnerability exists in the file https://github.com/fuge/cms/blob/master/src/foo/cms/action/member/RegisterAct.java, where the application takes the nextUrl parameter as user input and passes it on without any validation. In the next lines this nextUrl parameter is used for redirection.
Root Cause
As mentioned above, the file https://github.com/fuge/cms/blob/master/src/foo/cms/action/member/RegisterAct.java contains the following code:
This code takes in nextUrl as user input and passes it on; this parameter is then used directly in line 110:
response.sendRedirect(nextUrl);
Steps to reproduce
/register.jspx
endpoint.
Proof of concept
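A defensive counterpart to the `response.sendRedirect(nextUrl)` call described under Root Cause, as an added example that is not part of the original report or the project's code: it accepts only same-site absolute paths and falls back to a default otherwise. The names `SafeRedirect`, `sanitize` and `DEFAULT_TARGET`, and the sample paths and hosts, are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SafeRedirect {
    // Hypothetical fallback target; the report does not name one.
    static final String DEFAULT_TARGET = "/";

    /** Returns nextUrl only when it is a same-site absolute path, else the fallback. */
    static String sanitize(String nextUrl) {
        if (nextUrl == null || nextUrl.isEmpty()) {
            return DEFAULT_TARGET;
        }
        // Browsers read '\' as '/' and drop tabs/newlines, so refuse those outright.
        for (int i = 0; i < nextUrl.length(); i++) {
            char c = nextUrl.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return DEFAULT_TARGET;
            }
        }
        // Require "/path"; "//host/path" is scheme-relative and leaves the site.
        if (!nextUrl.startsWith("/") || nextUrl.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        try {
            URI uri = new URI(nextUrl);
            // Defence in depth: no scheme and no authority may survive parsing.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return DEFAULT_TARGET;
            }
            return nextUrl;
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the report.
        String[] samples = {
            "/member/index.jspx",
            "https://external.example/login",
            "//external.example/login",
            "/\\external.example"
        };
        for (String s : samples) {
            System.out.printf("%-32s -> %s%n", s, sanitize(s));
        }
        // In the action: response.sendRedirect(SafeRedirect.sanitize(nextUrl));
    }
}
```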