Mapbox: Content Spoofing and Local Redirect in Mapbox Studio

2016-02-03T23:51:14
ID H1:114529
Type hackerone
Reporter hussain_0x3c
Modified 2016-04-20T14:30:49

Description

Hi

I found a bug: it is possible to send a message directly through the URL and to redirect locally.

Details: when you go to https://www.mapbox.com/studio/admin/ the website redirects to

~~~
https://www.mapbox.com/studio/forbidden/?message=Sorry,only admins allowed here.&redirect=/studio/&path=/studio/admin/
~~~

You can see that the `message` and `redirect` parameters are not safe against manipulation and interference.

# Content Spoofing and Redirect

URL PoC:

~~~
https://www.mapbox.com/studio/forbidden/?message=Hi%20You%20Are%20%20Not%20%20in%20Mapbox%20Please%20Go%20%20To%20http://evil.com&redirect=/evil.com/&path=%2Fstudio%2Fadmin%2F
~~~

The message is changed, and if you click on "Okay" you are redirected to /evil.com/.

Regards Hussain