- changed status to open
Open redirect vulnerability within the "next" parameter
Issue #101
resolved
When viewing a message, just add the following ?next=//google.com to your URL.
When clicking on the "back" link, or after the message is posted, the browser will be redirected to the link in the URL.
Not a major bug, but someone could eventually use that as a way to redirect visitors to a phishing website if they don't pay attention.
Comments (4)

repo owner - My proposal is to silently suppress the scheme part and domain part, if present. That is:
?next=//elsewhere.com
would be read as ?next= (so without effect), and ?next=http://elsewhere.com/page as ?next=/page.
Is it OK for you?

repo owner - assigned issue to

- assigned issue to

reporter - That sounds safer indeed.
Thanks!

repo owner - changed status to resolved
Fixed in repository.
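An added example of the sanitiser the proposal above describes, written for this thread and not taken from the project's code (the function name and the "/" fallback are assumptions). It goes beyond the two cases in the comment: it also neutralises backslash and control-character variants that browsers would still treat as a host, so the returned value is always a local path.

```python
import re
from urllib.parse import urlsplit, urlunsplit


def sanitize_next(next_param: str, default: str = "/") -> str:
    """Keep only the path (plus query and fragment) of a ?next= value.

    Scheme and host are silently dropped, as proposed in the thread,
    so "//elsewhere.com" becomes the default and
    "http://elsewhere.com/page" becomes "/page".
    """
    if not next_param:
        return default
    # Browsers discard ASCII control characters (tab, newline, ...)
    # before parsing and treat "\" like "/", so apply both rules first;
    # otherwise "/\evil.com" or "/\t/evil.com" would parse as a local
    # path here but as a protocol-relative URL in the browser.
    candidate = re.sub(r"[\x00-\x20]", "", next_param).replace("\\", "/")
    parts = urlsplit(candidate)
    # Scheme and netloc are intentionally not carried over.
    path = parts.path
    if not path:
        return default
    # A relative path is harmless, but force it absolute for consistency.
    if not path.startswith("/"):
        path = "/" + path
    # "////evil.com" parses with an empty netloc and path "//evil.com";
    # collapse leading slashes so the result can never be protocol-relative.
    while path.startswith("//"):
        path = path[1:]
    return urlunsplit(("", "", path, parts.query, parts.fragment))
```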