Open Redirect in star7th/showdoc
Nov 20th 2021
I found a new way to exploit Open Redirect at the "redirect" parameter on the login page by using the Chinese dot (%E3%80%82) to bypass the dot (.) filter.
Proof of Concept
Send users the following login link
After users use their registered accounts to login, they will be redirected to
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
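The check a defender would want here, as an added example that is not part of the original report and is not ShowDoc's code: it contrasts a filter on the ASCII dot with a validator that resolves the "redirect" value using the WHATWG URL parser, which maps the ideographic full stop (U+3002) to "." in hostnames, and then compares origins. APP_ORIGIN, the function names and the sample values are constructed assumptions.

```javascript
// Hypothetical origin of the application (assumption, not from the report).
const APP_ORIGIN = 'https://docs.example';

// Assumed shape of the weak check: reject any value containing an ASCII dot,
// on the theory that an external hostname needs one.
function naiveDotFilter(redirect) {
  return !redirect.includes('.');
}

// Host the browser would actually navigate to for a given redirect value.
function resolvedHost(redirect) {
  return new URL(redirect, APP_ORIGIN).hostname;
}

// Hardened check: resolve the value the way a browser does, require that the
// result stays on the application's origin, and return the normalized path.
function safeRedirectTarget(redirect, fallback = '/') {
  if (typeof redirect !== 'string' || redirect === '') return fallback;
  let url;
  try {
    url = new URL(redirect, APP_ORIGIN);
  } catch {
    return fallback; // unparseable input never reaches the Location header
  }
  if (url.origin !== APP_ORIGIN) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed sample values for the "redirect" parameter.
const SAMPLES = [
  '/item/index?id=1',         // legitimate in-app path
  '//phish\u3002example',     // U+3002 in place of the ASCII dot
  '//phish%E3%80%82example',  // same character, percent-encoded
];

for (const value of SAMPLES) {
  console.log(JSON.stringify(value), {
    passesNaiveFilter: naiveDotFilter(value),
    browserHost: resolvedHost(value),
    redirectIssued: safeRedirectTarget(value),
  });
}
```

Because the comparison is made on the parsed origin rather than on characters in the raw string, the same check also covers the fullwidth dot and backslash-prefixed variants that the parser normalizes.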