Open Redirect in forkcms/forkcms
Mar 22nd 2021
Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that process that makes it possible for attackers to steer users to malicious third-party websites. Sites or apps that fail to authenticate URLs can become a vector for malicious redirects to convincing fake sites for identity theft or sites that install malware.
Vulnerable parameter - querystring
🕵️♂️ Proof of Concept
1- Goto https://localhost/private/en/authentication?querystring=//evil.com 2- Enter email and password 3- User will be redirected to an attacker-controlled website.
Video POC: https://drive.google.com/file/d/19EPobfLf7BEouC0Aqf_EEMDNKLfBY5WD/view?usp=sharing
Attacker can trick users to visit malicious websites. Attackers may be able to use this to execute believable phishing attacks, bypass authentication, or (in rare circumstances) violate CSRF mitigations. Attacker can hijack browser and leverage this easily to get access to laptop