Open Redirect in microweber/microweber
Feb 13th 2022
An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites.
The bug exists due to improper fix of https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25/.
By adding an extra slash
/ the previous fix can be bypassed.
Proof of Concept
The above url will redirect you to evil.com
This issue can be leveraged to phishing attacks.