Open Redirect in ikus060/rdiffweb

Status: Valid

Reported on: Feb 15th 2022


Description

The login page accepts a `redirect` query parameter and sends the browser to that value after a successful login. The check that is meant to keep the target on the same site is incomplete: it does not reject protocol-relative URLs such as `//evil.com`, which browsers resolve to an external host, so an attacker can choose where the user lands after logging in.

Proof of Concept

  • Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com (the project's public demo instance)
  • Step 2: Log in with a valid account; after login you are redirected to evil.com
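The two steps above rely on a same-site check that lets `//evil.com` through. The following is an added example, not code from rdiffweb or from the reporter: it contrasts an illustrative weak filter (assumed for demonstration; it is not the project's actual check) with a validator that rejects the protocol-relative, backslash and triple-slash variants browsers accept, and it goes slightly beyond the report by also covering `javascript:` targets and CRLF in the value. All sample values are constructed.

```python
"""Validating a post-login `redirect` parameter (added example)."""
from urllib.parse import urljoin, urlsplit

# Constructed values an attacker or a legitimate user might put in ?redirect=.
SAMPLES = [
    "/browse/",                  # benign same-site path
    "/dashboard?x=1",            # benign path with a query string
    "//evil.com",                # protocol-relative, as in the report
    "/\\evil.com",               # backslash variant; browsers treat "\" like "/"
    "///evil.com",               # triple slash; browsers collapse to //evil.com
    "https://evil.com/",         # absolute URL
    "javascript:alert(1)",       # scheme-only target
    "/ok\r\nSet-Cookie: a=b",    # CRLF, dangerous if echoed into a header
]


def weak_is_local(target: str) -> bool:
    """Illustrative weak filter (assumption, not rdiffweb's code).

    Rejects anything containing '://' and nothing else, so a
    protocol-relative '//host' passes and becomes an open redirect.
    """
    return "://" not in target


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` only if it is a same-site path, else `default`."""
    if not target:
        return default
    # Browsers normalise backslashes to slashes before parsing; do the same
    # so "/\evil.com" is judged as the "//evil.com" it turns into.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    # Any scheme ("https:", "javascript:") or authority ("//host") is off-site.
    if parts.scheme or parts.netloc:
        return default
    # urlsplit() parses "///host" as an empty netloc plus path "/host", but
    # browsers read it as "//host"; an explicit prefix test closes that gap.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    # Whitespace and CR/LF have no place in a redirect path.
    if any(ch.isspace() for ch in candidate):
        return default
    return candidate


def is_same_site(base_url: str, target: str) -> bool:
    """Belt-and-braces check: resolve `target` against the site base URL and
    require the resulting scheme and host to match the base exactly."""
    base = urlsplit(base_url)
    resolved = urlsplit(urljoin(base_url, target.replace("\\", "/")))
    return (resolved.scheme, resolved.netloc) == (base.scheme, base.netloc)


def triage(samples=SAMPLES):
    """For each sample, report what the weak filter allows and what the
    hardened validator would actually redirect to."""
    return [(s, weak_is_local(s), safe_redirect_target(s)) for s in samples]


if __name__ == "__main__":
    for sample, weak_allows, safe_result in triage():
        print(f"{sample!r:28} weak_allows={weak_allows!s:5} safe_target={safe_result!r}")
```

Note that `is_same_site` alone is not enough: Python's `urljoin` resolves `///evil.com` to a local path while browsers resolve it to `evil.com`, which is why `safe_redirect_target` keeps the explicit `//` prefix test. The maintainer's eventual fix (below) sidesteps the problem entirely by dropping the parameter and storing the original URL in the server-side session, so no client-controlled target is ever used.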

Impact

An attacker can send a victim a link to the legitimate rdiffweb login page that, once the victim has logged in, lands them on a site the attacker controls. Because the victim has just authenticated on a trusted domain, this is a convenient starting point for phishing.

We are processing your report and will contact the ikus060/rdiffweb team within 24 hours. 2 years ago
We have contacted a member of the ikus060/rdiffweb team and are waiting to hear back 2 years ago
We have sent a follow up to the ikus060/rdiffweb team. We will try again in 7 days. 2 years ago
We have sent a second follow up to the ikus060/rdiffweb team. We will try again in 10 days. 2 years ago
We have sent a third and final follow up to the ikus060/rdiffweb team. This report is now considered stale. 2 years ago
nhiephon (Researcher), 2 years ago

Hi,

Any update to this?

Patrik Dufresne validated this vulnerability a year ago

@nhiephon

I never received a notification about this report. For a completely different reason, I've changed the logic to remove the redirection and store the original URL in the user session. This change is currently in a development branch with two-factor authentication using an email verification code. You may take a look at

https://github.com/ikus060/rdiffweb/blob/patrik-mfa/rdiffweb/tools/auth_form.py
https://github.com/ikus060/rdiffweb/blob/patrik-mfa/rdiffweb/tools/auth_mfa.py

nhiephon has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
We have sent a fix follow up to the ikus060/rdiffweb team. We will try again in 7 days. a year ago
Patrik Dufresne marked this as fixed in 2.5.0a2 with commit dade9a a year ago
Patrik Dufresne has been awarded the fix bounty
This vulnerability will not receive a CVE
page_login.py#L48 has been validated