Open Redirect in collectiveaccess/providence
Nov 21st 2021
I found a new way to bypass the Open Redirect with the "redirect" parameter on the login page.
Proof of Concept
Send users the following login link
After users use their registered accounts to log in, they will be redirected to
Note that I can fully host a domain and create a subdomain like that.
This functionality is not restricted to relative URLs within the application and could be leveraged by an attacker to fool an end-user into believing that a malicious URL they were redirected to is valid. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
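The report's point is that a "starts with a slash" test is not the same as "stays on this origin": protocol-relative values such as `//host`, backslash and control-character variants, and bare `scheme:host` forms all leave the site. The following is an added illustration written for this page in Python, not Providence code (Providence is a PHP application, and the report does not reproduce its login handler or the exact payload). The hostnames `app.example` and `evil.example` and every sample value are constructed; the weak check `naive_is_relative` is shown beside a hardened `safe_redirect_target` so the bypass shapes and the rules that block them line up.

```python
"""Validating a post-login ?redirect= value so it can never leave the origin.

Illustrative example added for this page; not code from the Providence project.
"""
from urllib.parse import urlsplit

# Constructed sample values a "redirect" parameter might carry. The hosts are
# placeholders, not taken from the report.
SAMPLE_VALUES = [
    "/admin/dashboard",            # legitimate relative path
    "https://evil.example/login",  # absolute URL to another site
    "//evil.example/login",        # protocol-relative URL
    "///evil.example/",            # browsers collapse the extra slashes -> host evil.example
    "/\\evil.example/",            # browsers treat '\\' as '/' -> //evil.example/
    "/\t/evil.example/",           # browsers strip TAB/LF/CR -> //evil.example/
    "https:evil.example",          # scheme without '//' still resolves off-site
    "/path?next=//evil.example",   # off-site text only inside the query string: fine
]


def naive_is_relative(value: str) -> bool:
    """The weak check many applications ship: 'starts with a slash, so it is local'.

    It accepts //evil.example and /\\evil.example, both of which browsers send off-site.
    """
    return value.startswith("/")


def safe_redirect_target(value: str, default: str = "/") -> str:
    """Return `value` only if it cannot leave the current origin, else `default`.

    Each rule blocks a known bypass shape:
      * exactly one leading '/', and the next character is not '/' or '\\'
        (blocks //host, ///host, /\\host);
      * no ASCII control characters anywhere (browsers drop TAB/LF/CR before
        parsing, so '/\\t/host' becomes '//host');
      * no backslashes anywhere (special-scheme URLs treat '\\' as '/');
      * urlsplit() must see neither a scheme nor a network location
        (blocks 'https:host' and anything the character rules missed).
    """
    if not value or value[0] != "/":
        return default
    if len(value) > 1 and value[1] in "/\\":
        return default
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        return default
    if "\\" in value:
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    return value


if __name__ == "__main__":
    for raw in SAMPLE_VALUES:
        print(f"{raw!r:32} naive={naive_is_relative(raw)!s:5} hardened -> {safe_redirect_target(raw)!r}")
```

Run the check on the exact string that will be written into the `Location` header: if the framework URL-decodes the parameter a second time, or rewrites the value before redirecting, validate after that step, not before. Returning a fixed default instead of raising keeps the login flow working for users who arrive with a tampered link.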
Thanks for catching that.
Hi @collectiveaccess, can you review and validate my other report to you at