g6 icon indicating copy to clipboard operation
g6 copied to clipboard
verified publisher icon gnuboard

Open Redirect Vulnerability

Open NinjaGPT opened this issue 6 months ago • 1 comments

Vulnerability

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Summary

The login page URL can include a url parameter, and after authentication, users will be redirected to this URL. If an attacker provides a url pointing to a phishing or other malicious website, users will be redirected there after logging in.

Details

Taint source

GET /bbs/login

Image

On the login page, the view passes the url parameter from the URL to the template. When the template renders the page, it fills this url into an input field in the form. When users POST login data (i.e., POST /bbs/login), upon successful authentication, they will be redirected to the url value from the form.

Image

Taint sink

POST /bbs/login

POC

For example, if the BBS website is at 127.0.0.1:8000, requesting http://127.0.0.1:8000/bbs/login?url=http://google.com will cause the browser to open the Google homepage after successful authentication.

NinjaGPT avatar Jul 07 '25 03:07 NinjaGPT