Closed papayasoft closed 2 years ago
It is possible to bypass the whitelist by using a redirect with a schema-less url:
?redirect=//nonwhitelisteddomain.com/path/to/page
which opens up a possible phishing attack via Unvalidated Redirect:
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
This tweak closes the whitelist bypass while still allowing root-absolute destinations.
It is possible to bypass the whitelist by using a redirect with a schema-less url:
which opens up a possible phishing attack via Unvalidated Redirect:
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
This tweak closes the whitelist bypass while still allowing root-absolute destinations.