Insecure function isValidRedirect leads to open redirect vulnerability #5364
Description

The function `isValidRedirect` in `gogs/routes/user/auth.go` is used in the login action to validate if the url is on the same site. If the `Location` header starts with `/\`, it will be transformed to `//` by browsers. Check PoC here.
PoC gif:

![Imgur](https://camo.githubusercontent.com/65b5a895252cd893b4490f4738f4c27d46dc747b3415a5791ac9b4f2e64c0f92/68747470733a2f2f692e696d6775722e636f6d2f64716b777178722e676966)
A positive fix might look like:
Discoverer: bluecatli from Tencent's Xuanwu Lab
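A hardened post-login redirect check for the case this issue describes, written here as an added example; it is not the Gogs `isValidRedirect` function and not the reporter's proposed fix. The function name `isSafeLocalRedirect` and the sample targets are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// isSafeLocalRedirect reports whether redirectTo may be placed in the
// Location header after login. Hypothetical hardened validator for the
// bug in this issue: besides the usual "//host" check it also rejects
// "/\host", which browsers normalise to "//host" before following it.
func isSafeLocalRedirect(redirectTo string) bool {
	// Only absolute paths on this origin are allowed.
	if !strings.HasPrefix(redirectTo, "/") {
		return false
	}
	// Protocol-relative forms: "//host" and the browser-normalised "/\host".
	if len(redirectTo) > 1 && (redirectTo[1] == '/' || redirectTo[1] == '\\') {
		return false
	}
	// Any backslash is suspect since browsers may rewrite it to a slash.
	if strings.ContainsRune(redirectTo, '\\') {
		return false
	}
	// url.Parse alone does not catch "/\host" (it sees a plain path), so it
	// is only a final guard against anything that still carries a scheme,
	// an authority or userinfo after the checks above.
	u, err := url.Parse(redirectTo)
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return false
	}
	return true
}

func main() {
	// Constructed sample targets, not taken from the issue.
	samples := []string{
		"/user/settings",         // accepted
		"//evil.example/",        // rejected: protocol-relative
		"/\\evil.example/",       // rejected: the case from this issue
		"https://evil.example/",  // rejected: absolute URL
	}
	for _, s := range samples {
		fmt.Printf("%-24q safe=%v\n", s, isSafeLocalRedirect(s))
	}
}
```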