{"id": "H1:503922", "hash": "9b0adf37a6fbe9091ae9e622733e1e53", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "Hanno's projects: Open redirect on the https://tt.hboeck.de", "description": "Hi Team!\n\nTesting request:\n`POST /public.php?return=%2F HTTP/1.1\nHost: tt.hboeck.de\n...........\nop=login&login={\u2026.}&password={...}&profile=0`\n\nVulnerable parameter: `return`\n\nMethod: `POST` -> `GET` -> OK\n\nPOC:\n`https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0`\n\n## Impact\n\nUser can be redirect to malicious site.", "published": "2019-03-01T17:47:36", "modified": "2019-03-03T16:24:37", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://hackerone.com/reports/503922", "reporter": "zophi", "references": [], "cvelist": [], "lastseen": "2019-03-24T08:15:40", "history": [], "viewCount": 12, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2019-03-24T08:15:40"}, "dependencies": {"references": [], "modified": "2019-03-24T08:15:40"}, "vulnersScore": -0.1}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"url": "https://hackerone.com/hannob", "handle": "hannob", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/030/278/253800fbe8bfabdc72f03b7f0f1ddb38adb47f82_small.?1529948333", "medium": "https://profile-photos.hackerone-user-content.com/000/030/278/dfe1a45d96316ca04d5f928eaff3e62f576945a8_medium.?1529948333"}}, "h1reporter": {"disabled": false, "username": "zophi", "url": "/zophi", "profile_picture_urls": {"small": "/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"}, "is_me?": false, "hackerone_triager": false, "hacker_mediation": false}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.hackerone.HackerOneBulletin"]}

{}