Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in posthog/posthog
Mar 22nd 2022
The PostHog application is vulnerable to an open redirect: the redirect parameter of the authorize_and_redirect/ endpoint accepts an arbitrary external URL, so a request such as authorize_and_redirect/?redirect=https://evil.com sends the user off-site.
Proof of Concept
1. Open the link https://app.posthog.com/login?next=/authorize_and_redirect/%3Fredirect%3Dhttps%25253A%25252F%25252Fevil.com
2. Log in with your account and click "Authorize None".
3. You are now redirected to https://evil.com/
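The payload in the proof of concept is percent-encoded several layers deep, which is exactly what defeats a check that decodes once and then looks for a scheme or host. The following is an added example, not PostHog's own code, of a redirect-target validator that decodes to a fixpoint first and then only accepts an absolute path on the application's own origin; naive_is_safe is an illustrative weak check shown alongside it, and MAX_DECODE_ROUNDS is an assumed bound on nesting depth.

```python
from urllib.parse import unquote, urlsplit

# Assumption: no legitimate redirect target is percent-encoded more than a
# few layers deep; the bound keeps pathological inputs from looping.
MAX_DECODE_ROUNDS = 8


def canonicalize(target: str) -> str:
    """Percent-decode until the value stops changing.

    A single unquote() of https%25253A%25252F%25252Fevil.com only peels off
    one layer; downstream components (framework helpers, the browser) keep
    decoding, so the check must look at the fully decoded form.
    """
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(target)
        if decoded == target:
            return target
        target = decoded
    return target


def naive_is_safe(target: str) -> bool:
    """Illustrative weak check: decodes once and only rejects an explicit
    scheme or host. It passes nested-encoded payloads, because after one
    decode they still look like a plain path segment."""
    parts = urlsplit(unquote(target))
    return not parts.scheme and not parts.netloc


def is_safe_redirect(target: str) -> bool:
    """Allow only an absolute path on this application's own origin."""
    if not target:
        return False
    t = canonicalize(target)
    # Whitespace, control characters and backslashes confuse URL parsers
    # (browsers treat "\" as "/" and strip tabs and newlines), so refuse them.
    if any(ord(c) < 0x21 for c in t) or "\\" in t:
        return False
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        return False
    # Must start with exactly one "/": "//host" is scheme-relative, and
    # browsers normalise "///host" to it.
    return t.startswith("/") and not t.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return the requested target if it is safe, otherwise the fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, including the nested-encoded value from the PoC.
    for value in ("/project/1", "https://evil.com", "//evil.com",
                  "https%25253A%25252F%25252Fevil.com"):
        print(f"{value!r}: naive={naive_is_safe(value)} "
              f"strict={is_safe_redirect(value)}")
```

In a Django application the same allow-list logic is available as django.utils.http.url_has_allowed_host_and_scheme; whichever helper is used, the value passed to it must be the fully decoded form, and the validated result, not the raw parameter, must be what the response's Location header carries.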
URL redirection (unvalidated open redirect) flaws are commonly used in phishing attacks and malware delivery: because the redirect starts from a trusted domain, the end user may not notice which site they have actually landed on.
1. Attackers could redirect victims to inappropriate sites, such as adult (18+) sites, which damages the reputation of your site because the redirection originated from your domain.
2. Attackers could serve malware or phishing pages under the name of your website and thereby steal user credentials.