Open Redirect in blogifierdotnet/blogifier

Valid

Reported on

Apr 12th 2022


Description

An Open Redirect vulnerability enables attacker to redirect the victims/users to malicious websites. The bug exists due to improper fix of https://huntr.dev/bounties/bac0b763-730c-4c4b-8b20-eb4926928cf3/. By using double / it is possible to bypass the check for http at the beggining of url and get open redirect

Proof of Concept

The url below is vulnerable to open redirect after login. It will redirect the user to any arbitrary site.

http://demo.blogifier.net/admin/login/?returnUrl=//google.com

Impact

Open redirect to any site

We are processing your report and will contact the blogifierdotnet/blogifier team within 24 hours. 2 years ago
We have contacted a member of the blogifierdotnet/blogifier team and are waiting to hear back 2 years ago
We have sent a follow up to the blogifierdotnet/blogifier team. We will try again in 4 days. 2 years ago
We have sent a second follow up to the blogifierdotnet/blogifier team. We will try again in 7 days. 2 years ago
blogifierdotnet/blogifier maintainer validated this vulnerability 2 years ago
dom0ns has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
blogifierdotnet/blogifier maintainer marked this as fixed in 3.0.0 with commit a7fa4d 2 years ago
The fix bounty has been dropped
Login.razor.cs#L22-L23 has been validated
to join this conversation