Open Redirect Vulnerability on /js/a/cms/site/select

# Summary
The redirect method has an insecure implementation. Since the redirect parameters are user-controllable, this leads to an Open Redirect vulnerability.

# Details

- src/main/java/com/jeesite/modules/cms/web/SiteController.java
```
	@RequestMapping(value = "select")
	public String select(String siteCode, String redirect, HttpServletRequest request, HttpServletResponse response){
		if (StringUtils.isBlank(siteCode)){
			return REDIRECT + adminPath + "/cms/index";
		}
		UserUtils.putCache("currentSiteCode", siteCode);
		if (StringUtils.isNotBlank(redirect)){
			return REDIRECT + redirect;
		}
		return renderResult(response, Global.TRUE, "切换站点成功！");
	}
```


# POC
http://127.0.0.1:8980/js/a/cms/site/select?redirect=https://google.com/&siteCode=111

# Impact

https://www.invicti.com/learn/open-redirect-open-redirection/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Open Redirect Vulnerability on /js/a/cms/site/select #28

Summary

Details

POC

Impact

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Open Redirect Vulnerability on /js/a/cms/site/select #28

Description

Summary

Details

POC

Impact

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions