We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

/

Open Redirect in erudika/scoold

Valid

Reported on

Jul 31st 2021

✍️ Description

There is an open redirect vulnerability in the following URL:

https://live.scoold.com/signin?returnto=https://google.com

🕵️‍♂️ Proof of Concept

Step to reproduce
1. open above URL
2. login in the applicaiton
3. you redirect to google.com

💥 Impact

That causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. also it can chain with some other vulnerabilities like SSRF, etc.

Occurrences

SigninController.java L118

References

Open redirect

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago

Musio modified the report

2 years ago

Alex Bogdanovski validated this vulnerability 2 years ago

Musio has been awarded the disclosure bounty

The fix bounty is now up for grabs

Alex Bogdanovski marked this as fixed with commit 677ab7 2 years ago

Alex Bogdanovski has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago

Musio modified the report

2 years ago

Alex Bogdanovski validated this vulnerability 2 years ago

Musio has been awarded the disclosure bounty

The fix bounty is now up for grabs

Alex Bogdanovski marked this as fixed with commit 677ab7 2 years ago

Alex Bogdanovski has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation