Open Redirect in fisharebest/webtrees
Valid
Reported on Sep 29th 2021
Description
I saw this report:
https://huntr.dev/bounties/ad4278af-52b7-4c34-8d43-9b829105d499/
and also your fix commit:
https://www.github.com/fisharebest/webtrees/commit/551ad4afbcef2a72a6cf6461f1747762180b12c5
Then I should say that the fix can be bypassed with such payloads:
If the base_url is test.com, then we can bypass it with these payloads:
test.com:test@mysite.com ==> mysite.com
test.com.mysite.com ==> mysite.com
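The two payloads above both defeat checks that compare the redirect target as a string against the base URL: the first places the base host in the userinfo part of the URL, the second makes it a label of a longer hostname. The following is an added example, not code from the report or from webtrees, that runs the report's payloads against a hypothetical string-prefix check (prefix_check, an illustration of the class of check such payloads bypass, not the project's actual code) and against an origin comparison (is_same_site) that parses the target and requires scheme, host and port to equal the configured base URL. BASE_URL, the function names and the sample inputs are assumptions; "https://test.com" follows the report's example host.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed configured site base URL; "test.com" is the host the report uses as its example.
BASE_URL = "https://test.com"

DEFAULT_PORTS = {"http": 80, "https": 443}


def prefix_check(url: str, base_url: str = BASE_URL) -> bool:
    """Hypothetical string-prefix check (not webtrees code).

    It strips a scheme and asks whether what remains begins with the base
    host. This is the class of check the report's two payloads defeat:
    both strings start with "test.com" yet name a different host.
    """
    base_host = urlsplit(base_url).hostname
    without_scheme = url.split("://", 1)[-1]
    return url.startswith("/") or without_scheme.startswith(base_host)


def _effective_port(parts) -> Optional[int]:
    # Explicit port, else the scheme's default, so "https://test.com:443"
    # and "https://test.com" compare equal. parts.port raises ValueError
    # when the port is not numeric; the caller treats that as a rejection.
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def is_same_site(url: str, base_url: str = BASE_URL) -> bool:
    """Allow-list check: parse the target and compare its origin to the base.

    Accepts only (a) a path-only relative reference beginning with a single
    "/" or (b) an absolute URL whose scheme, host and port equal the base
    URL's and that carries no userinfo. Anything else, including input the
    parser cannot classify, is rejected. Comparing parsed components rather
    than string prefixes is what closes both bypasses from the report.
    """
    base = urlsplit(base_url)
    try:
        target = urlsplit(url)
        # (a) relative reference: no scheme, no authority, rooted at "/"
        # ("test.com.mysite.com" lands here and is rejected: no leading "/")
        if not target.scheme and not target.netloc:
            return url.startswith("/") and not url.startswith("//")
        # (b) absolute URL: compare the origin components, not the string.
        # "https://test.com:test@mysite.com" parses to hostname "mysite.com"
        # with username "test.com", so the host comparison fails.
        return (
            target.scheme == base.scheme
            and target.hostname == base.hostname
            and _effective_port(target) == _effective_port(base)
            and target.username is None
            and target.password is None
        )
    except ValueError:
        # e.g. a port that cannot be converted to an integer
        return False


if __name__ == "__main__":
    # Constructed inputs: the report's two payloads plus two legitimate targets.
    for candidate in (
        "test.com:test@mysite.com",
        "test.com.mysite.com",
        "https://test.com:test@mysite.com",
        "/tree/1",
        "https://test.com/tree/1",
    ):
        print(f"{candidate:40} prefix_check={prefix_check(candidate)!s:5} "
              f"is_same_site={is_same_site(candidate)}")
```

The prefix check accepts both payloads; the origin comparison rejects them while still allowing a rooted relative path and an absolute URL on the configured host. Any redirect validator should also be given the scheme-less forms exactly as the report writes them, since a parser may classify them differently from their "https://" equivalents.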
Occurrences
We have contacted a member of the fisharebest/webtrees team and are waiting to hear back (2 years ago).
Validated occurrences:
- ContactAction.php#L1-L164
- EmptyClipboard.php#L1-L69
- EditFactAction.php#L1-L122
- AddSpouseToIndividualAction.php#L1-L96
- LoginAction.php#L1-L147
- AddSpouseToFamilyAction.php#L1-L102
- AddUnlinkedAction.php#L1-L73
- MessageAction.php#L1-L114
- AddChildToIndividualAction.php#L1-L93
- AddParentToIndividualAction.php#L1-L93
- AddChildToFamilyAction.php#L1-L85
- EditRawFactAction.php#L1-L80