Open Redirect Vulnerability

# Vulnerability
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') 

# Summary
The login page URL can include a url parameter, and after authentication, users will be redirected to this URL. If an attacker provides a url pointing to a phishing or other malicious website, users will be redirected there after logging in.

# Details
## Taint source
`GET /bbs/login` 

<img width="1610" height="1490" alt="Image" src="https://github.com/user-attachments/assets/4d2ac20b-1f26-4efc-99ba-57f03d65d5fb" />

On the login page, the view passes the url parameter from the URL to the template. When the template renders the page, it fills this url into an input field in the form. When users POST login data (i.e., POST /bbs/login), upon successful authentication, they will be redirected to the url value from the form.

<img width="804" height="1170" alt="Image" src="https://github.com/user-attachments/assets/6ad54a0c-5b33-4afb-ae1f-b31ef248728c" />

## Taint sink
`POST /bbs/login` 

# POC
For example, if the BBS website is at 127.0.0.1:8000, requesting http://127.0.0.1:8000/bbs/login?url=http://google.com will cause the browser to open the Google homepage after successful authentication.
 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Open Redirect Vulnerability #646

Vulnerability

Summary

Details

Taint source

Taint sink

POC

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Open Redirect Vulnerability #646

Description

Vulnerability

Summary

Details

Taint source

Taint sink

POC

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions