We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Open Redirect in blogifierdotnet/blogifier

Valid

Reported on

Sep 28th 2021

Description

Open redirect at login page due to unchecked "returnUrl" param

Proof of Concept

  1. Go to demo page link http://demo.blogifier.net/admin/login/?returnUrl=https://google.com
  2. Login using demo account and see that you are redirected to google.com

Impact

This vulnerability is capable of open redirect

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 years ago
We have contacted a member of the blogifierdotnet/blogifier team and are waiting to hear back 2 years ago
blogifierdotnet/blogifier maintainer
2 years ago

Maintainer

How is this vulnerability if you have to first sign in as a site admin??

M0rphling
2 years ago

Researcher

Hi, the vulnerability is of type Open Redirect, that means the user is redirected from blogifier to another malicious page. In the real attack scenario, the attacker will send this url to user:
http://demo.blogifier.net/admin/login/?returnUrl={attacker_malicious_link} If the user logs in, he/she then redirected to malicious site. Reference : https://portswigger.net/kb/issues/00500100_open-redirection-reflected

We have sent a third and final follow up to the blogifierdotnet/blogifier team. This report is now considered stale. 2 years ago
blogifierdotnet/blogifier maintainer validated this vulnerability 2 years ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
blogifierdotnet/blogifier maintainer marked this as fixed with commit e0301d 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation