Open Redirect in blogifierdotnet/blogifier

Valid

Reported on

Apr 12th 2022

Description

An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining of url and get open redirect

Proof of Concept

The url below is vulnerable to open redirect after login. It will redirect the user to any arbitrary site.

http://demo.blogifier.net/admin/login/?returnUrl=//google.com

Impact

Open redirect to any site

Occurrences

References

https://portswigger.net/kb/issues/00500100_open-redirection-reflected

We are processing your report and will contact the blogifierdotnet/blogifier team within 24 hours. a year ago

We have contacted a member of the blogifierdotnet/blogifier team and are waiting to hear back a year ago

We have sent a follow up to the blogifierdotnet/blogifier team. We will try again in 7 days. a year ago

We have sent a second follow up to the blogifierdotnet/blogifier team. We will try again in 10 days. a year ago

A blogifierdotnet/blogifier maintainer validated this vulnerability a year ago

Dom0nS has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

A blogifierdotnet/blogifier maintainer marked this as fixed in 3.0.0 with commit a7fa4d a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

to join this conversation