Open Redirect in archivy/archivy

Valid

Reported on

Feb 16th 2022


Description

The application does not validate the redirect target before redirecting, which leads to an open redirect vulnerability.

Proof of Concept

Install the service locally for testing.

  • Step 1: Go to http://127.0.0.1:5000/login?next=%2F%2fevil.com
  • Step 2: Enter valid credentials; you will be redirected to evil.com
  • PoC: https://drive.google.com/file/d/1mwGtImU2srYZ_3FlHQBrAJFzt3PyZQzM
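As an added example (not archivy's code and not the fix in commit 2d8cb2), the kind of check this report says is missing: the `next` value is only honoured when it resolves to a path on the application's own host, assumed here to be 127.0.0.1:5000 as in the PoC. It goes beyond the report's `//evil.com` case and also rejects backslash, extra-slash, absolute-URL, userinfo and non-http scheme variants.

```python
from urllib.parse import urlsplit

# Our own host; constructed for this example to match the PoC URL.
OWN_HOST = "127.0.0.1:5000"


def is_safe_redirect(next_url: str, host: str = OWN_HOST) -> bool:
    """Return True only if next_url stays on our own host."""
    if not next_url:
        return False
    # Control characters and whitespace are stripped by browsers and can
    # smuggle a scheme past naive prefix checks, so refuse them outright.
    if any(ord(c) < 0x21 for c in next_url):
        return False
    # Browsers treat '\' as '/', so '/\evil.com' is really '//evil.com'.
    normalised = next_url.replace("\\", "/")
    # Protocol-relative targets ('//evil.com', '///evil.com') have no
    # scheme but still send the user off-site.
    if normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) back to our exact host:port is allowed.
        # Comparing the full netloc also catches 'host@evil.com' userinfo tricks.
        return (parts.scheme in ("http", "https")
                and parts.netloc.lower() == host.lower())
    # Plain path (or path?query): stays on the current host.
    return True


def resolve_next(next_url: str, fallback: str = "/") -> str:
    """Turn a submitted next value into a local path, or the fallback."""
    if not is_safe_redirect(next_url):
        return fallback
    parts = urlsplit(next_url.replace("\\", "/"))
    path = parts.path or "/"
    if not path.startswith("/"):
        path = "/" + path
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample inputs, including the report's '//evil.com' case.
    for candidate in ["/", "/notes?x=1", "//evil.com", "/\\evil.com",
                      "https://evil.com/", "http://127.0.0.1:5000/notes"]:
        print(f"{candidate!r:32} -> {resolve_next(candidate)!r}")
```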

Impact

Attackers can redirect users to an arbitrary website and use this for phishing attacks.

We are processing your report and will contact the archivy team within 24 hours. 2 years ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 2 years ago
We have contacted a member of the archivy team and are waiting to hear back 2 years ago
We have sent a follow up to the archivy team. We will try again in 7 days. 2 years ago
archivy/archivy maintainer validated this vulnerability 2 years ago
nhiephon has been awarded the disclosure bounty
The fix bounty is now up for grabs
We have sent a fix follow up to the archivy team. We will try again in 7 days. 2 years ago
We have sent a second fix follow up to the archivy team. We will try again in 10 days. 2 years ago
archivy/archivy maintainer marked this as fixed in 1.7.0 with commit 2d8cb2 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
routes.py#L266-L267 has been validated