Open Redirect in star7th/showdoc
Valid
Reported on Nov 15th 2021
Description
Open Redirect at login page due to unchecked "redirect" parameter.
Vulnerable parameter
redirect
Payload
/%09/google.com
Proof of Concept
Send users the following login link https://www.showdoc.com.cn/user/login?redirect=/%09/google.com
After users log in with their registered account, they are redirected to google.com
Impact
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
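The payload works because browsers drop ASCII tab and newline characters when parsing a URL, so `/%09/google.com` decodes to `/<tab>/google.com` and is treated as the scheme-relative `//google.com`. The following is an added example of a server-side check that rejects that payload; it is not code from the report or from showdoc, and the function names are hypothetical:

```python
from urllib.parse import unquote, urlsplit

# Control characters the WHATWG URL parser strips before parsing, which is
# why "/%09/google.com" ends up as "//google.com" in the browser.
_STRIPPED = {"\t", "\n", "\r"}


def is_safe_redirect(target: str) -> bool:
    """Return True only if `target` is an absolute path on the current origin."""
    if not target:
        return False
    # Decode twice to catch double percent-encoding, then drop the control
    # characters a browser would remove anyway.
    decoded = unquote(unquote(target))
    cleaned = "".join(ch for ch in decoded if ch not in _STRIPPED and ord(ch) >= 0x20)
    # Browsers treat "/\evil.com" like "//evil.com", so normalise backslashes.
    cleaned = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # e.g. malformed IPv6 host literal
        return False
    # Any scheme or host means an off-origin destination.
    if parts.scheme or parts.netloc:
        return False
    # Require a rooted path and refuse the scheme-relative "//host" form.
    return cleaned.startswith("/") and not cleaned.startswith("//")


def safe_redirect(target: str, default: str = "/") -> str:
    """Return `target` if it passes the check, otherwise a fixed local default."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    # Constructed sample inputs: the report's payload and some benign paths.
    for candidate in ["/%09/google.com", "//google.com", "/item/index"]:
        print(candidate, "->", safe_redirect(candidate))
```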
References
We are processing your report and will contact the star7th/showdoc team within 24 hours.
a year ago
We have contacted a member of the star7th/showdoc team and are waiting to hear back
a year ago
KhanhCM modified the report
a year ago
KhanhCM modified the report
a year ago
We have sent a follow up to the star7th/showdoc team. We will try again in 7 days.
a year ago
Hi @star7th, @admin, I would be happy if my name (Chau Minh Khanh) were credited when this vulnerability is made public on Snyk or anywhere else. Thanks a lot!
@khanhchauminh - we will be publishing the CVE! The report URL (this page) will be included and naturally display your profile ♥️