Open Redirect in fisharebest/webtrees


Reported on

Sep 29th 2021


I saw this report:

and also your fix commit

Then I should say that the fix can be bypassed with payloads such as these:

If the base_url be then we can bypass it with these payloads: ==> ==>

We have contacted a member of the fisharebest/webtrees team and are waiting to hear back (2 years ago)
Greg Roach validated this vulnerability (2 years ago)
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Greg Roach marked this as fixed with commit 8d9c2b (2 years ago)
Greg Roach has been awarded the fix bounty
This vulnerability will not receive a CVE
ContactAction.php#L1-L164 has been validated
EmptyClipboard.php#L1-L69 has been validated
EditFactAction.php#L1-L122 has been validated
LoginAction.php#L1-L147 has been validated
MessageAction.php#L1-L114 has been validated