Open Redirect in openwhyd/openwhyd
Dec 13th 2021
openwhyd is vulnerable to Open Redirect vulnerability via the
redirect parameter at login page.
Proof of Concept
Send users the following login link
After users use their registered account to log in, they will be redirected to
This functionality is not restricted to relative URLs within the application and could be leveraged by an attacker to fool an end-user into believing that a malicious URL they were redirected to is valid. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.