Open Redirect in blogifierdotnet/blogifier


Reported on Sep 28th 2021


Open redirect at login page due to unchecked "returnUrl" param

Proof of Concept

  1. Go to demo page link
  2. Login using demo account and see that you are redirected to


This vulnerability is capable of open redirect

We created a GitHub Issue asking the maintainers to create a 2 years ago
We have contacted a member of the blogifierdotnet/blogifier team and are waiting to hear back 2 years ago
blogifierdotnet/blogifier maintainer
2 years ago


How is this a vulnerability if you have to first sign in as a site admin??

2 years ago


Hi, the vulnerability is of type Open Redirect, which means the user is redirected from blogifier to another, malicious page. In a real attack scenario, the attacker will send this URL to the user: {attacker_malicious_link} If the user logs in, he/she is then redirected to the malicious site. Reference:

We have sent a third and final follow up to the blogifierdotnet/blogifier team. This report is now considered stale. 2 years ago
blogifierdotnet/blogifier maintainer validated this vulnerability 2 years ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
blogifierdotnet/blogifier maintainer marked this as fixed with commit e0301d 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
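
A server-side check for the unchecked "returnUrl" parameter described in this report, written as an added example; it is not Blogifier's code and not the change made in commit e0301d. The class name `ReturnUrlGuard`, the `/` fallback and the sample values are assumptions made for illustration.

```csharp
using System;

// Added example (not Blogifier code): decide whether a post-login
// returnUrl may be followed. Only paths on the same site are accepted.
public static class ReturnUrlGuard
{
    public const string Fallback = "/"; // assumed safe landing page

    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/')
            return false;   // empty, absolute ("https://...") or scheme-only values
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            return false;   // "//host" and "/\host" are treated as another host
        foreach (char c in url)
            if (char.IsControl(c))
                return false;   // browsers drop tabs/newlines: "/\t/host" becomes "//host"
        return true;
    }

    // Returns the URL to redirect to after a successful login.
    public static string Resolve(string returnUrl)
    {
        return IsLocalPath(returnUrl) ? returnUrl : Fallback;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values; example.test is a placeholder host.
        string[] samples =
        {
            "/admin/posts?page=2",          // kept
            "https://example.test/login",   // replaced by Fallback
            "//example.test/login",         // replaced by Fallback
            "/\\example.test/login",        // replaced by Fallback
            "/\t/example.test/login",       // replaced by Fallback
            null,                           // replaced by Fallback
        };
        foreach (string s in samples)
            Console.WriteLine((s ?? "(null)") + " -> " + ReturnUrlGuard.Resolve(s));
    }
}
```

In an ASP.NET Core controller the framework's own `Url.IsLocalUrl(returnUrl)` and `LocalRedirect(returnUrl)` perform this kind of check, so a hand-written guard is only needed where those helpers are not available.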