Open Redirect in causefx/organizr
Jun 28th 2021
index.php passes unvalidated data to an HTTP redirect function on
line 7. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks.
The data is sent at
index.php at line 7.
🕵️♂️ Proof of Concept
The following PHP code instructs the user's browser to open a URL parsed from the
$group request parameter when a user clicks the link.
case 'v1_auth': $group = ($_GET['group']) ?? 0; #takes user input header('Location: v2/auth?group=' . $group); #redirects user exit;
Attackers can utilize open redirects to trick users into visiting a URL to a trusted site and redirecting them to a malicious site. By encoding the URL, an attacker can make it more difficult for end-users to notice the malicious destination of the redirect, even when it is passed as a URL parameter to the trusted site. Open redirects are often abused as part of phishing scams to harvest sensitive end-user data.