top-gg / issues

Report bugs related to Top.gg. For feature requests: https://feedback.top.gg

[Open Redirect] Auction API redirects to arbitrary domains. #871

Open jjfeldcher opened 2 years ago

jjfeldcher commented 2 years ago

Expected Behavior

Top.gg redirects to only auction-allowed domains.

Observed Behavior

The application allows for arbitrary redirection to any domain on the internet. (Open Redirect)

Applicable Links or Attachments

Open Redirect

Steps to Reproduce

  1. Open top.gg
  2. Click on any "promoted ad/bot" and observe the following URL: https://top.gg/api/client/auctions/click?targetUrl=**http://botapp.com**&spotId=**spotid**&auctionId=**auctionId** or this current live URL https://top.gg/api/client/auctions/click?targetUrl=https%3A%2F%2Fmushroom.gg%2Fget-mushroom%3Ftopgg&spotId=11&auctionId=43
  3. Change the targetUrl= value to any domain, such as scammer.com or google.com, and notice that top.gg does not complain and takes the browser to that domain.

Web Browser and Version

Firefox 98

Operating System and Version

Windows 10 Home