Open Redirect in blogifierdotnet/blogifier

Valid

Reported on

Apr 12th 2022


Description

An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining of url and get open redirect

Proof of Concept

The url below is vulnerable to open redirect after login. It will redirect the user to any arbitrary site.

http://demo.blogifier.net/admin/login/?returnUrl=//google.com

Impact

Open redirect to any site

We are processing your report and will contact the blogifierdotnet/blogifier team within 24 hours. 2 months ago
We have contacted a member of the blogifierdotnet/blogifier team and are waiting to hear back a month ago
We have sent a follow up to the blogifierdotnet/blogifier team. We will try again in 7 days. a month ago
We have sent a second follow up to the blogifierdotnet/blogifier team. We will try again in 10 days. a month ago
blogifierdotnet/blogifier maintainer validated this vulnerability 25 days ago
Dom0nS has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
blogifierdotnet/blogifier maintainer confirmed that a fix has been merged on a7fa4d 25 days ago
The fix bounty has been dropped
Login.razor.cs#L22-L23 has been validated
to join this conversation