New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

URL redirection 302 vulnerability #17

Closed
ly55521 opened this Issue Aug 31, 2018 · 0 comments

Comments

2 participants
@ly55521
Copy link

ly55521 commented Aug 31, 2018

URL redirection 302 vulnerability

poc:

https://cms.publiccms.com/admin/changeLocale?lang=&returnUrl=https://github.com/sanluan/PublicCMS/issues/?https://cms.publiccms.com/admin/

Site redirection does not require login, bypasses judgment to redirect to the current domain name, bypasses the current domain name as a parameter

sanluan added a commit that referenced this issue Sep 19, 2018

@sanluan sanluan closed this Oct 11, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment