Khan Academy: OPEN URL REDIRECT through PNG files

2016-08-25T05:17:09
ID H1:163272
Type hackerone
Reporter dineshvicky
Modified 2017-02-17T19:45:10

Description

Abuse of the image_url parameter when saving a CS program could create an arbitrary external redirect. We now validate the parameter before using it.

I have found a way through which an attacker can use PNG files to redirect to a malicious domain.
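The fix described above is "validate the parameter before using it". The following is an added example of what such validation looks like for a user-supplied image URL; it is not Khan Academy's code, and the allowlisted hosts, the default image and the function names are assumptions made for illustration. The core check is an https-only scheme plus a host allowlist, which is what turns an arbitrary redirect into a bounded one; the extra rejections cover the parser-disagreement tricks (userinfo `@`, backslashes, protocol-relative URLs) that commonly slip past a naive "does it start with our domain" check.

```python
"""Allowlist validation for an externally supplied image_url parameter.

Added example, not Khan Academy's code. The allowed hosts, default image
and function names are assumptions for illustration.
"""
from urllib.parse import urlsplit

# Constructed allowlist: hosts the application actually serves images from.
ALLOWED_IMAGE_HOSTS = frozenset({"cdn.example.org", "images.example.org"})

# Constructed fallback used when the supplied value is rejected.
DEFAULT_IMAGE = "https://cdn.example.org/default.png"


def validate_image_url(url, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Return True only if url is an https URL on an allowlisted host.

    Anything that fails here is never stored, so it can never later be
    echoed into a Location header or <img src> as an open redirect.
    """
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False
    # Browsers treat a backslash like a slash in http(s) URLs, whereas
    # urlsplit does not, so a backslash can move text in or out of the
    # host part depending on which parser reads it. Reject it outright,
    # along with control characters that some parsers strip.
    if "\\" in url or any(c in url for c in "\r\n\t"):
        return False
    parts = urlsplit(url)
    # Protocol-relative ("//evil.example/x.png"), bare paths and
    # "javascript:" all fail the scheme check.
    if parts.scheme != "https":
        return False
    # "https://cdn.example.org@evil.example/x.png": the real host is the
    # part after '@'; a prefix check on the string would be fooled.
    if "@" in parts.netloc:
        return False
    host = parts.hostname  # already lowercased by urlsplit
    if host is None or host not in allowed_hosts:
        return False
    return True


def resolve_image_url(url):
    """Use the supplied URL only if it passes validation; otherwise fall back."""
    return url if validate_image_url(url) else DEFAULT_IMAGE


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate value and several
    # shapes an attacker might try against a weaker check.
    for candidate in [
        "https://cdn.example.org/avatar.png",
        "https://evil.example/avatar.png",
        "//evil.example/avatar.png",
        "https://cdn.example.org@evil.example/avatar.png",
        "https://cdn.example.org.evil.example/avatar.png",
        "javascript:alert(1)",
    ]:
        print(f"{candidate!r:55} -> {validate_image_url(candidate)}")
```

Note that the allowlist compares the whole hostname, so `cdn.example.org.evil.example` is rejected even though it starts with an allowed name; if subdomains of an allowed host are legitimately needed, extend the check with an explicit `endswith("." + host)` rather than a substring or prefix test.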