Dear Team,
Thank you for your contribution to the open source community.
Summary:
I was able to find an Open Redirect vulnerability by providing a different domain in the "next" parameter that is used in the login process.
Open Redirect Description and Impact:
An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection.
Vulnerable Code: https://github.com/samuelclay/NewsBlur/blob/1f74f1a09f4777fbd9e7b48b4b42c11c58d5b8ee/apps/reader/views.py#L203-L205
Here, if the "next" parameter was any of the following:
?next=https://www.google.com
?next=//google.com
Recommended Solution: To remediate this, use the url_has_allowed_host_and_scheme method provided by django.utils.http. The code should look like this:
Thank you for your attention to this matter. I look forward to your response and am ready to assist in any way necessary to resolve this issue.
Regards, Cainor
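The remediation the report recommends, worked through as an added example (this is not the reporter's code and not NewsBlur's): a `safe_next()` guard for a login "next" parameter built on Django's `url_has_allowed_host_and_scheme`, with a local re-implementation of the same checks as a fallback so the block runs without Django installed. The allowed host `newsblur.example` is a constructed placeholder for `request.get_host()`.

```python
# Added example for this report, not NewsBlur's code. Uses Django's
# url_has_allowed_host_and_scheme if available, else a stand-in with the same checks.
import unicodedata
from urllib.parse import urlsplit

try:
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:  # offline stand-in mirroring Django's logic
    def _single_check(url, allowed_hosts, require_https):
        if url.startswith("///"):            # browsers treat 3+ slashes as absolute
            return False
        try:
            info = urlsplit(url)
        except ValueError:                   # e.g. malformed IPv6 literal
            return False
        if info.scheme and not info.netloc:  # "http:///host": browsers still see a host
            return False
        if unicodedata.category(url[0])[0] == "C":  # leading control character
            return False
        scheme = info.scheme or ("http" if info.netloc else "")
        valid = {"https"} if require_https else {"http", "https"}
        return (not info.netloc or info.netloc in allowed_hosts) and (
            not scheme or scheme in valid)

    def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
        url = (url or "").strip()
        if not url:
            return False
        if allowed_hosts is None:
            allowed_hosts = set()
        elif isinstance(allowed_hosts, str):
            allowed_hosts = {allowed_hosts}
        # Browsers treat "\" like "/", so both spellings must pass the check.
        return _single_check(url, allowed_hosts, require_https) and \
            _single_check(url.replace("\\", "/"), allowed_hosts, require_https)


ALLOWED_HOSTS = {"newsblur.example"}  # constructed placeholder for request.get_host()


def safe_next(next_url, allowed_hosts=ALLOWED_HOSTS, default="/", require_https=False):
    """Return next_url only if it stays on an allowed host with an allowed scheme;
    otherwise redirect to the in-site default rather than off-site."""
    if url_has_allowed_host_and_scheme(next_url, allowed_hosts, require_https=require_https):
        return next_url
    return default


if __name__ == "__main__":
    for candidate in ("/reader/", "https://www.google.com", "//google.com", "/\\google.com"):
        print(f"{candidate!r:26} -> {safe_next(candidate)!r}")
```

In a real view, pass `allowed_hosts={request.get_host()}` and `require_https=request.is_secure()`, as Django's own login view does.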