Open Redirect in ikus060/rdiffweb
Feb 15th 2022
The login page is vulnerable to Open Redirect: the filtering applied to the `redirect` parameter does not fully prevent attacker-controlled destinations, so a protocol-relative value such as `//evil.com` is accepted.
Proof of Concept
- Step 1: Visit https://rdiffweb-demo.ikus-soft.com/login/?redirect=//evil.com
- Step 2: Log in with a valid account; you will be redirected to evil.com
Attackers can redirect users to any website and perform phishing attacks.
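A server-side check that rejects the protocol-relative value from the PoC above, added here as an example for this page and not rdiffweb's own code. The weak check, the function names and the fallback path are constructed for illustration; the validator is meant to run on the `redirect` parameter before the post-login redirect is issued.

```python
from urllib.parse import urlsplit, urlunsplit


# Weak check of the kind that produces this class of bug (constructed
# illustration, not rdiffweb's code): a leading "/" is taken to mean
# "same site", so the protocol-relative "//evil.com" from the PoC passes.
def weak_is_local(target: str) -> bool:
    return target.startswith("/")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return target if it is a same-site absolute path, else fallback."""
    if not target:
        return fallback
    # Browsers treat backslashes as slashes in front of the host, so
    # normalise them first ("/\\evil.com" would otherwise slip through).
    candidate = target.replace("\\", "/")
    # Drop control characters and surrounding whitespace that browsers
    # ignore but a naive prefix check would trip over ("/\t/evil.com").
    candidate = "".join(ch for ch in candidate if ch.isprintable()).strip()
    # "//host", "///host", ... all resolve to an external host in browsers.
    if candidate.startswith("//"):
        return fallback
    parts = urlsplit(candidate)
    # Any scheme ("https:", "javascript:") or network location is off-site.
    if parts.scheme or parts.netloc:
        return fallback
    # Only absolute paths on this site are allowed.
    if not parts.path.startswith("/"):
        return fallback
    # Rebuild from parsed pieces so only path, query and fragment survive.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
```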