Hanno's projects: Open redirect on https://tt.hboeck.de

2019-03-01T17:47:36
ID H1:503922
Type hackerone
Reporter zophi
Modified 2019-03-03T16:24:37

Description

Hi Team!

Testing request:

POST /public.php?return=%2F HTTP/1.1
Host: tt.hboeck.de
...........

op=login&login={….}&password={...}&profile=0

Vulnerable parameter: return

Method: POST -> GET -> OK

POC: https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0

Impact

Users can be redirected to a malicious site.
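As an added illustration of the fix (not code from tt.hboeck.de, from the reporter, or from the application behind public.php), the following Python shows how a post-login return parameter should be validated so that the reported PoC value is rejected. The function names, the fallback target "/" and the sample PoC query string are assumptions for this example; the server-side query parser (parse_qs here) already percent-decodes the parameter once, so the validator sees the plain http://evil.com/ that the browser would be sent to.

```python
"""Added example: validating a post-login 'return' parameter.

Generic illustration, not the code of the site in the report. The goal is
to accept only targets that stay on the current origin ('/' or
'/public.php?op=prefs') and to reject anything that a browser would treat
as a different host: absolute URLs, protocol-relative '//host', the
backslash variant '/\\host' (normalised to '//host' by browsers), and
control characters that some URL parsers silently strip.
"""
from urllib.parse import urlsplit, parse_qs

FALLBACK_TARGET = "/"  # assumed safe default when the parameter is rejected


def is_safe_return_target(value: str) -> bool:
    """Return True only for path-absolute, same-origin targets."""
    if not value:
        return False
    # Control characters and DEL: reject rather than try to strip them.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return False
    # Must be path-absolute: exactly one leading '/', not '//' or '/\'.
    if not value.startswith("/"):
        return False
    if value.startswith("//") or value.startswith("/\\"):
        return False
    # Defence in depth: urlsplit must see neither a scheme nor an authority.
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return False
    return True


def resolve_return_target(value: str, fallback: str = FALLBACK_TARGET) -> str:
    """Pick the redirect target the server should put in its Location header."""
    return value if is_safe_return_target(value) else fallback


def redirect_target_for_query(query_string: str) -> str:
    """Parse a raw query string the way a web server would and resolve 'return'."""
    params = parse_qs(query_string, keep_blank_values=True)
    raw = params.get("return", [""])[0]  # parse_qs has already percent-decoded it
    return resolve_return_target(raw)


if __name__ == "__main__":
    # Constructed from the PoC in the report: the query part of the PoC URL.
    poc_query = "return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0"
    print("PoC resolves to:", redirect_target_for_query(poc_query))
    for candidate in ["/", "/public.php?op=prefs", "//evil.com", "/\\evil.com",
                      "https:evil.com", "/\tevil.com", ""]:
        print(repr(candidate), "->", is_safe_return_target(candidate))
```

A whitelist of known-good paths would be stricter still, but the check above is enough to close the reported case: the original request's return=%2F is accepted, while return=http%3a%2f%2fevil.com%2f falls back to the local default.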