Open Redirect in ikus060/rdiffweb

Valid

Reported on

Feb 15th 2022


Description

The application has an Open Redirect vulnerability because the data filtering process does not completely prevent attacks.

Proof of Concept

  • Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com
  • Step 2: Log in with a valid account; you will be redirected to evil.com

Impact

Attackers can redirect users to any website and perform phishing attacks.

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. 8 months ago
We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back 7 months ago
We have sent a follow up to the ikus060/rdiffweb team. We will try again in 7 days. 7 months ago
We have sent a second follow up to the ikus060/rdiffweb team. We will try again in 10 days. 7 months ago
We have sent a third and final follow up to the ikus060/rdiffweb team. This report is now considered stale. 7 months ago
nhiephon
4 months ago

Researcher


Hi,

Any update to this?

Patrik Dufresne validated this vulnerability 25 days ago

@nhiephon

I never received a notification about this report. For a completely different reason, I've changed the logic to remove the redirection and store the original URL in the user session. This change is currently in a development branch with two-factor authentication using an email verification code. You may take a look at

https://github.com/ikus060/rdiffweb/blob/patrik-mfa/rdiffweb/tools/auth_form.py
https://github.com/ikus060/rdiffweb/blob/patrik-mfa/rdiffweb/tools/auth_mfa.py
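To make the two points in this thread concrete, here is an added Python example (not rdiffweb's code, and not the maintainer's patch): it shows why a filter that only blocks an explicit `http://` or `https://` prefix still lets the protocol-relative `//evil.com` from the proof of concept through, how a post-login redirect target can be validated so that it stays on the application's own host, and, as the alternative the maintainer describes, how the original URL can be kept in the server-side session instead of being carried in a request parameter. The host name `rdiffweb.example`, the function names and the dict used as a session are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed, illustrative code (not rdiffweb's); the host name is a placeholder.
ALLOWED_HOST = "rdiffweb.example"


def naive_is_local(redirect: str) -> bool:
    """An incomplete filter of the kind that lets //evil.com through:
    it only blocks targets that spell out an http(s) scheme."""
    return not redirect.lower().startswith(("http://", "https://"))


def is_safe_redirect(redirect: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Accept a post-login target only if it stays on our own site."""
    if not redirect:
        return False
    # Browsers drop ASCII tab/CR/LF from URLs and treat '\' like '/',
    # so normalise the same way before inspecting the value.
    candidate = re.sub(r"[\t\r\n]", "", redirect).strip().replace("\\", "/")
    # Protocol-relative targets (//evil.com, /\evil.com, ///evil.com) resolve
    # to a foreign host even though they carry no scheme.
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute URL: only our own host over http(s) is acceptable.
        return (
            parts.scheme in ("http", "https")
            and parts.netloc.lower() == allowed_host.lower()
        )
    # Otherwise require a plain site-relative path.
    return candidate.startswith("/")


def login_redirect_target(redirect: str, default: str = "/") -> str:
    """Where to send the user after a successful login: the requested
    target if it passes validation, else the application root."""
    return redirect if is_safe_redirect(redirect) else default


# Alternative that avoids trusting a redirect parameter at all: remember the
# URL the user was trying to reach in the server-side session before sending
# them to the login form, then resume from there once they are authenticated.
def remember_original_url(session: dict, path: str) -> None:
    """Store the pre-login URL in the session (still validated, since the
    path comes from the request line)."""
    if is_safe_redirect(path):
        session["original_url"] = path


def resume_after_login(session: dict, default: str = "/") -> str:
    """Pop the remembered URL so it is used once, falling back to the root."""
    return session.pop("original_url", default)


if __name__ == "__main__":
    for target in ("//evil.com", "/\\evil.com", "https://evil.com/", "/browse/"):
        print(f"{target!r:22} naive={naive_is_local(target)!s:5} "
              f"safe={is_safe_redirect(target)}")
```

The naive check is included only to show the gap: it returns True for `//evil.com` because no scheme is present, while `is_safe_redirect` rejects it. The session-based functions make the validation a defence in depth rather than the only barrier, since the target never travels in a user-controllable query parameter.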

nhiephon has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
We have sent a fix follow up to the ikus060/rdiffweb team. We will try again in 7 days. 22 days ago
Patrik Dufresne confirmed that a fix has been merged on dade9a 16 days ago
Patrik Dufresne has been awarded the fix bounty
page_login.py#L48 has been validated