Open Redirect in fisharebest/webtrees


Reported on Sep 29th 2021


I saw this report:

and also your fix commit

then I should say that the fix can be bypassed with such payloads:

If the base_url be then we can bypass it with these payloads: ==> ==>

We have contacted a member of the fisharebest/webtrees team and are waiting to hear back a year ago
Greg Roach validated this vulnerability a year ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Greg Roach confirmed that a fix has been merged on 8d9c2b a year ago
Greg Roach has been awarded the fix bounty
ContactAction.php#L1-L164 has been validated
EmptyClipboard.php#L1-L69 has been validated
EditFactAction.php#L1-L122 has been validated
LoginAction.php#L1-L147 has been validated
MessageAction.php#L1-L114 has been validated