Khan Academy: OPEN URL REDIRECT through PNG files

ID H1:163272
Type hackerone
Reporter dineshvicky
Modified 2017-02-17T19:45:10


An abuse of the image_url parameter when saving a CS program was able to create an arbitrary external redirect. We now validate the parameter before using it.

I have found a way through which an attacker can use PNG files to redirect to a malicious domain.
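The fix described above is to validate the parameter before it is used. The following is an added example of such a check, not Khan Academy's own code; the allowlisted hosts and the default thumbnail URL are assumed placeholders, and the rule that only absolute https URLs on those hosts are accepted is an assumption as well.

```python
from urllib.parse import urlsplit

# Assumed allowlist: hosts that are permitted to serve program thumbnails.
# Placeholder names; the page does not state which hosts the site accepts.
ALLOWED_IMAGE_HOSTS = {"img.example.org", "cdn.example.org"}

# Assumed known-good fallback used when a submitted image_url is rejected.
DEFAULT_THUMBNAIL = "https://cdn.example.org/thumbnails/default.png"


def is_safe_image_url(url, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Return True only for an absolute https URL whose host is on the
    allowlist, so that echoing it into a redirect or an <img> src cannot
    send the browser to an external origin."""
    if not isinstance(url, str) or not url or len(url) > 2048:
        return False
    # Reject whitespace and control characters up front: some URL parsers
    # strip them, which would change how the rest of the URL is read.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return False
    # Only https: this rejects relative paths, scheme-relative "//host"
    # forms and non-HTTP schemes such as javascript: or data:.
    if parts.scheme != "https":
        return False
    # Reject "user@host" forms, which can disguise the real host.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname  # already lowercased by urlsplit
    if not host:
        return False
    # Exact match against the allowlist; a trailing dot is normalised away.
    return host.rstrip(".") in allowed_hosts


def resolve_image_url(submitted):
    """What a save handler would persist: the submitted URL if it passes
    validation, otherwise the known-good default rather than raw input."""
    if is_safe_image_url(submitted):
        return submitted
    return DEFAULT_THUMBNAIL
```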