Open Redirect at login page due to unchecked “redirect” parameter.
Parameter: redirect
Payload: /%09/google.com
Send users the following login link: https://www.showdoc.com.cn/user/login?redirect=/%09/google.com
After users log in with their registered account, they are redirected to google.com.
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
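A server-side or client-side check for the redirect value, as an added example that is not ShowDoc's own code: it resolves the value the way a browser would (URL parsing drops the tab, so "/%09/google.com" becomes "//google.com") and only accepts same-origin results. The names safeRedirect, redirectFromQuery and APP_ORIGIN are assumptions made for this example.

```javascript
// Added example (not ShowDoc code): validate a post-login "redirect" value.
// APP_ORIGIN, safeRedirect and redirectFromQuery are hypothetical names.
const APP_ORIGIN = "https://www.showdoc.com.cn";

function safeRedirect(value, appOrigin = APP_ORIGIN) {
  const base = new URL("/", appOrigin);
  const fallback = base.href; // default landing page when the value is rejected
  if (typeof value !== "string" || value.length === 0) return fallback;

  let target;
  try {
    // WHATWG URL parsing removes tab/CR/LF and treats "\" as "/" for http(s),
    // so "/<TAB>/google.com" and "/\google.com" both resolve to another host
    // here, exactly as they would in the browser's address bar.
    target = new URL(value, base);
  } catch {
    return fallback;
  }

  // Accept only destinations on the application's own origin
  // (scheme + host + port). "javascript:" and "data:" have origin "null".
  if (target.origin !== base.origin) return fallback;

  // Return the absolute URL, not the path: a path such as "//google.com"
  // (reachable via "/.//google.com") would be unsafe if reused as relative.
  return target.href;
}

// Reads the decoded parameter from a query string and validates it.
function redirectFromQuery(queryString, appOrigin = APP_ORIGIN) {
  const value = new URLSearchParams(queryString).get("redirect");
  return safeRedirect(value, appOrigin);
}

// Constructed sample inputs; only the first one comes from the report.
for (const qs of [
  "redirect=/%09/google.com",
  "redirect=/item/index",
  "redirect=https://google.com",
]) {
  console.log(qs, "->", redirectFromQuery(qs));
}
```

A prefix test such as "starts with /" is not sufficient, because the reported payload passes it; the comparison has to be made on the parsed origin.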