Open Redirect in alanaktion/phproject

Valid

Reported on

Sep 11th 2021


✍️ Description

open-redirect

🕵️‍♂️ Proof of Concept

The URL below is vulnerable to open redirect after login.
It will redirect the user to any arbitrary site.

http://localhost/phproject/login?to=http://example.com

💥 Impact

Open redirect to any site
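
One way to constrain the `to` parameter from the proof of concept to same-site paths, shown as an added example (this is not phproject's code and not the merged fix). The function name `safe_redirect_target` and the `/` fallback are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helper, not taken from phproject.

/**
 * Return $to only when it is a rooted, same-site path; otherwise $fallback.
 */
function safe_redirect_target(?string $to, string $fallback = '/'): string
{
    if ($to === null || $to === '') {
        return $fallback;
    }
    // Control characters enable header injection, and browsers strip
    // tabs and newlines from URLs before resolving them.
    if (preg_match('/[\x00-\x1F\x7F]/', $to)) {
        return $fallback;
    }
    // Browsers treat "\" like "/", so "/\host" resolves as "//host".
    if (strpos($to, '\\') !== false) {
        return $fallback;
    }
    // Require exactly one leading slash. This rejects absolute URLs
    // ("http://..."), protocol-relative URLs ("//host") and "javascript:".
    if ($to[0] !== '/' || (strlen($to) > 1 && $to[1] === '/')) {
        return $fallback;
    }
    // Defence in depth: the parsed value must carry no scheme or host.
    $parts = parse_url($to);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $to;
}

// Constructed sample values for the "to" query parameter.
$samples = [
    'http://example.com',          // the value from the proof of concept
    '//example.com/path',
    '/\\example.com',
    "/issues\r\nX-Injected: 1",
    '/issues/42?tab=comments',
];
foreach ($samples as $to) {
    printf("%-32s -> %s\n", json_encode($to), safe_redirect_target($to));
}
```

Only the last sample is returned unchanged; every other value falls back to `/`.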

We have contacted a member of the alanaktion/phproject team and are waiting to hear back 8 months ago
Alan Hardman validated this vulnerability 4 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alan Hardman confirmed that a fix has been merged on 11989f 4 months ago
Alan Hardman has been awarded the fix bounty