Open Redirect in erudika/scoold
Jul 31st 2021
There is an open redirect vulnerability in the following URL:
🕵️♂️ Proof of Concept
Step to reproduce 1. open above URL 2. login in the applicaiton 3. you redirect to google.com
That causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. also it can chain with some other vulnerabilities like SSRF, etc.