Mapbox: Content Spoofing and Local Redirect in Mapbox Studio

ID H1:114529
Type hackerone
Reporter hussain_0x3c
Modified 2016-04-20T14:30:49



I found a bug: it is possible to send one's own message directly through the URL and to redirect locally.

# Details

When you go to :- the website redirects to

~~~
,only admins allowed here.&redirect=/studio/&path=/studio/admin/
~~~

You can see that the parameters message and redirect are not safe against manipulation and interference.

# Content Spoofing and Redirect

URL POC ~~~ ~~~ The message is changed, and if you click on Okay it redirects on

Regards, Hussain
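
One way a server can handle the `message` and `redirect` parameters the report describes, added here as an example and not code from the report or from Mapbox: the message is looked up by key in a fixed catalogue, and the redirect is accepted only as a same-origin path under an allowed prefix. The function names, message keys and the `https://app.example` origin used in testing are assumptions.

```javascript
// Hypothetical catalogue: the URL carries a key, never the displayed text.
const MESSAGES = {
  admin_only: 'Only admins are allowed here.',
  generic: 'You cannot view this page.',
};
const DEFAULT_REDIRECT = '/studio/';
const ALLOWED_PREFIXES = ['/studio/']; // assumed set of valid local targets

// Return a same-origin path under an allowed prefix, or the default.
function safeRedirect(raw, origin) {
  if (typeof raw !== 'string' || raw.length === 0) return DEFAULT_REDIRECT;
  // Backslashes and control characters can be normalised by browsers
  // into "//host" style targets, so reject them outright.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return DEFAULT_REDIRECT;
  // Only absolute paths; "//host" is protocol-relative, not local.
  if (!raw.startsWith('/') || raw.startsWith('//')) return DEFAULT_REDIRECT;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return DEFAULT_REDIRECT;
  }
  if (url.origin !== origin) return DEFAULT_REDIRECT;
  // url.pathname is already normalised, so "/studio/../admin/" is
  // checked as "/admin/" and fails the prefix test.
  const ok = ALLOWED_PREFIXES.some((p) => url.pathname.startsWith(p));
  return ok ? url.pathname + url.search : DEFAULT_REDIRECT;
}

// Turn the raw query string into the values the notice page may render.
function resolveNotice(queryString, origin) {
  const params = new URLSearchParams(queryString);
  const key = params.get('message');
  const known = Object.prototype.hasOwnProperty.call(MESSAGES, key);
  return {
    message: known ? MESSAGES[key] : MESSAGES.generic,
    redirect: safeRedirect(params.get('redirect'), origin),
  };
}
```

Free text in `message` falls back to the generic notice, so the page only ever shows strings the application itself defined.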