Open Redirect in archivy/archivy

Valid

Reported on

Feb 16th 2022


Description

The application does not validate the target of the `next` parameter before redirecting after login, which leads to an open redirect vulnerability.

Proof of Concept

Install the service locally for testing

  • Step 1: Go to http://127.0.0.1:5000/login?next=%2F%2fevil.com
  • Step 2: Enter valid credentials; after logging in you are redirected to evil.com
  • PoC: https://drive.google.com/file/d/1mwGtImU2srYZ_3FlHQBrAJFzt3PyZQzM
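
The following is an added example (not archivy's own code) showing why the PoC works and how a login handler can validate `next` before redirecting. It assumes the `next` value comes straight from the query string and that the application is served at http://127.0.0.1:5000/ as in the PoC; the vulnerable and hardened helpers are both hypothetical names.

```python
# Added example, not code from the archivy project.
from urllib.parse import urljoin, urlsplit

# Base URL of the local test instance from the PoC (assumed).
HOST_URL = "http://127.0.0.1:5000/"


def vulnerable_resolve_next(next_param, fallback="/"):
    """Pattern behind the report: trust ``next`` as given, so
    ``//evil.com`` is handed to redirect() and the browser leaves the site."""
    return next_param or fallback


def is_safe_redirect(target, host_url=HOST_URL):
    """Return True only if ``target`` stays on ``host_url``.

    Rejects absolute URLs, protocol-relative URLs (``//evil.com``,
    ``///evil.com``) and backslash variants (``/\\evil.com``), which
    browsers normalise to a new authority, plus non-http schemes.
    """
    if not target:
        return False
    # Browsers treat backslashes as slashes in the authority part, so
    # normalise first; any leading "//" (or more) would change the host.
    normalised = target.strip().replace("\\", "/")
    if normalised.startswith("//"):
        return False
    ref = urlsplit(host_url)
    resolved = urlsplit(urljoin(host_url, normalised))
    # urljoin keeps foreign schemes/hosts, so compare the resolved netloc.
    return resolved.scheme in ("http", "https") and resolved.netloc == ref.netloc


def safe_resolve_next(next_param, fallback="/"):
    """Hardened variant: only follow ``next`` if it resolves on our own host."""
    return next_param if is_safe_redirect(next_param) else fallback


if __name__ == "__main__":
    for candidate in ("/dashboard", "//evil.com", "/\\evil.com", "http://evil.com/"):
        print(f"{candidate!r:22} vulnerable -> {vulnerable_resolve_next(candidate)!r:22} "
              f"hardened -> {safe_resolve_next(candidate)!r}")
```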

Impact

Attackers can redirect users to any website and perform phishing attacks.

We are processing your report and will contact the archivy team within 24 hours. 3 months ago
We have contacted a member of the archivy team and are waiting to hear back 3 months ago
We have sent a follow up to the archivy team. We will try again in 7 days. 3 months ago
archivy/archivy maintainer validated this vulnerability 3 months ago
nhiephon has been awarded the disclosure bounty
The fix bounty is now up for grabs
We have sent a fix follow up to the archivy team. We will try again in 7 days. 3 months ago
We have sent a second fix follow up to the archivy team. We will try again in 10 days. 3 months ago
archivy/archivy maintainer confirmed that a fix has been merged on 2d8cb2 3 months ago
The fix bounty has been dropped
routes.py#L266-L267 has been validated