Open s-b-repo opened 9 months ago
eyedeekay
commented
9 months ago Probably low-priority, these are coming from inside the I2P application itself, i.e. they are probably trusted inputs. Leaving it open to have a look at the I2PSnarkServlet and the WebMail points, those could potentially come from partially user-supplied inputs. Not likely actionable.
s-b-repo
commented
9 months ago Probably low-priority, these are coming from inside the I2P application itself, i.e. they are probably trusted inputs. Leaving it open to have a look at the I2PSnarkServlet and the WebMail points, those could potentially come from partially user-supplied inputs. Not likely actionable.
may able to do something un wanted with webmail like when a attacker mails a exploit activating the redirect
Open Redirect
url = url.substring(0, qq); buf.append(url); if (q != null && q.length() > 0) buf.append(q.replace("&", "&")); // no you don't html escape the redirect header resp.setHeader("Location", buf.toString()); line # 2480
[apps/susimail/src/src/i2p/susi/webmail/WebMail.java] Open this link in a new tab
line 1617
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability. [apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java]
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability. [apps/routerconsole/jsp/index.jsp:50]
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability. [apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java:193]