Fix open redirect vulnerability on the login page #2262

Merged
merged 1 commit into from
Feb 16, 2022

Conversation

Kirill89
Contributor

This PR fixes an Open Redirect vulnerability in the next query parameter of the login and reset password pages.

To reproduce this issue you need to open https://localhost:3333/login?next=\\\\\\example.com and then log in. You are going to be redirected to https://example.com.

@jordan-wright and I had a discussion about this vulnerability in email.
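
A sketch of the kind of check that stops a post-login `next` value from leaving the site, added here as an illustration; it is not the code merged in this PR. The helper name `safeNext`, the `/` fallback and the sample inputs are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeNext (hypothetical helper) returns a same-origin path to redirect to
// after login, or fallback when next could send the browser elsewhere.
func safeNext(next, fallback string) string {
	// Browsers treat "\" like "/" in http(s) URLs, so a value made only of
	// backslashes plus a host can resolve as scheme-relative "//host".
	if next == "" || strings.ContainsRune(next, '\\') {
		return fallback
	}
	u, err := url.Parse(next) // also rejects ASCII control characters
	if err != nil {
		return fallback
	}
	// Accept only a rooted local path: no scheme, host, userinfo or opaque part.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return fallback
	}
	// u.Path is percent-decoded, so encoded slashes and backslashes show up here.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") ||
		strings.ContainsRune(u.Path, '\\') {
		return fallback
	}
	// Rebuild from parsed parts instead of echoing the raw input.
	return (&url.URL{Path: u.Path, RawQuery: u.RawQuery}).String()
}

func main() {
	// Constructed inputs; the first is the value from the PR description.
	for _, next := range []string{
		`\\\\\\example.com`,
		"//example.com",
		"https://example.com/",
		"/campaigns?id=3",
	} {
		fmt.Printf("%-22q -> %s\n", next, safeNext(next, "/"))
	}
}
```

Only the last input survives as a redirect target; the other three fall back to `/`.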

@Kirill89
Contributor Author

@jordan-wright any reason not to merge this PR?

@glennzw
Collaborator

glennzw commented Feb 16, 2022

Tested and this LGTM, thanks @Kirill89 !

@glennzw glennzw merged commit 67e304f into gophish:master Feb 16, 2022
@Kirill89
Contributor Author

Are you going to publish a new release of gophish soon?

@glennzw
Collaborator

glennzw commented Feb 16, 2022

Yes I am.
