Open Redirect in alanaktion/phproject

Valid

Reported on Jan 28th 2022

Description

Bypass open redirect protection

Proof of Concept

The patch for this report https://huntr.dev/bounties/1183df1a-5243-42f9-a263-267b92444b03/ can easily be bypassed.

Bypass URL: https://demo.phproject.org/login?to=//example.com
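As an added defensive example (not code from phproject or from the reporter), the Python check below shows why a filter that only rejects URLs starting with a scheme still lets the protocol-relative `//example.com` through, and how a stricter same-origin rule for the `to` parameter closes it. The function names and the sample paths are assumptions.

```python
from urllib.parse import urlsplit


def naive_is_local(to: str) -> bool:
    """Scheme-only filter: rejects 'http://...' and 'https://...' and accepts
    everything else. '//example.com' has no scheme, so it passes, yet the
    browser resolves it as an absolute URL to another host."""
    return not to.lower().startswith(("http://", "https://"))


def strict_is_local(to: str) -> bool:
    """Accept only a path on the current origin (defensive rule, assumed).

    * must start with exactly one '/'; the second character may be neither
      '/' nor '\\' (browsers normalise a backslash to a slash, so the
      backslash form is also protocol-relative)
    * after parsing there must be no scheme and no network location
    """
    if not to.startswith("/") or (len(to) > 1 and to[1] in "/\\"):
        return False
    parts = urlsplit(to)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(to: str, default: str = "/") -> str:
    """Return `to` only if it is a local path; otherwise fall back to `default`."""
    return to if strict_is_local(to) else default


# Constructed sample inputs; '//example.com' is the bypass value from the report.
SAMPLES = {
    "/issues/42": True,             # ordinary in-app path: allowed
    "//example.com": False,         # protocol-relative, absolute: must be rejected
    "https://example.com/": False,  # absolute with scheme: rejected by both checks
}

if __name__ == "__main__":
    for target, expected in SAMPLES.items():
        print(f"{target!r:22} naive={naive_is_local(target)!s:5} "
              f"strict={strict_is_local(target)!s:5} expected={expected}")
```

Running it shows the naive check returning True for `//example.com` while the strict check returns False, which is the gap the report exploits.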

We are processing your report and will contact the alanaktion/phproject team within 24 hours. 4 months ago
We have contacted a member of the alanaktion/phproject team and are waiting to hear back 4 months ago
We have sent a follow up to the alanaktion/phproject team. We will try again in 7 days. 4 months ago
We have sent a second follow up to the alanaktion/phproject team. We will try again in 10 days. 4 months ago
We have sent a third and final follow up to the alanaktion/phproject team. This report is now considered stale. 3 months ago
Alan Hardman validated this vulnerability 3 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alan Hardman confirmed that a fix has been merged on c9c95f 3 months ago
The fix bounty has been dropped
index.php#L47-L62 has been validated
index.php#L78-L113 has been validated