Open Redirect in star7th/showdoc


Reported on

Nov 15th 2021


Open Redirect at login page due to unchecked "redirect" parameter.

Vulnerable parameter




Proof of Concept

Send users the following login link
After users use their registered account to login, they will be redirected to


By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.


We are processing your report and will contact the star7th/showdoc team within 24 hours. 23 days ago
We have contacted a member of the star7th/showdoc team and are waiting to hear back 22 days ago
Chau Minh Khanh modified their report
21 days ago
Chau Minh Khanh modified their report
21 days ago
We have sent a follow up to the star7th/showdoc team. We will try again in 7 days. 19 days ago
star7th validated this vulnerability 18 days ago
Chau Minh Khanh has been awarded the disclosure bounty
The fix bounty is now up for grabs
star7th confirmed that a fix has been merged on 335afc 18 days ago
star7th has been awarded the fix bounty
Chau Minh Khanh
18 days ago


Hi @star7th, @admin, I would be happy if my name (Chau Minh Khanh) be credited when this vulnerable is public on Snyk or anywhere else. Thanks a lot!

Jamie Slome
18 days ago


@khanhchauminh - we will be publishing the CVE! The report URL (this page) will be included and naturally display your profile ♥️

Jamie Slome
7 days ago


CVE published! 🎊