Semmle: DOMXSS in redirect param

2018-06-03T10:03:13
ID H1:361287
Type hackerone
Reporter flamezzz
Modified 2019-03-20T12:34:50

Description

Summary

The redirect param can consist of a javascript: URL, which results in XSS. If a victim visits a malicious URL and logs in, the attacker can perform actions on behalf of the victim.

Steps to reproduce

1) Log out
2) Visit https://lgtm-com.pentesting.semmle.net/?redirect=javascript:prompt(document.domain)%2f%2f
3) Log in through email

Impact

If a victim visits a malicious URL and logs in, the attacker can perform actions on behalf of the victim.
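
One way to close this class of bug is to validate the redirect value before the client navigates to it after login. The sketch below is an added example, not code from the report or from Semmle; `safeRedirectTarget`, `APP_ORIGIN` and the `app.example` origin are hypothetical names chosen for illustration.

```javascript
// Added example: allow only same-origin http(s) targets for a post-login redirect.
// APP_ORIGIN is a constructed placeholder, not the application's real origin.
const APP_ORIGIN = "https://app.example";

function safeRedirectTarget(raw, appOrigin = APP_ORIGIN) {
  const fallback = new URL("/", appOrigin).href;
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  // Browsers strip tab/CR/LF inside URLs and treat "\" like "/", so a value
  // containing them can parse differently than it reads. Reject it outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, appOrigin); // resolves relative paths against the app
  } catch {
    return fallback;
  }
  // javascript:, data:, vbscript: and similar schemes all fail this check.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Protocol-relative ("//host") and absolute off-site URLs fail this one.
  if (url.origin !== new URL(appOrigin).origin) return fallback;
  // Return the absolute URL: handing back only the path would let a path
  // that normalises to "//host/..." be re-read as protocol-relative.
  return url.href;
}

// Constructed sample inputs, including the value from the report's URL.
const samples = [
  "javascript:prompt(document.domain)//",
  "//evil.example/x",
  "/projects?x=1#top",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The caller then assigns the returned value to `window.location` instead of the raw parameter, so a rejected value lands on the application root.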