Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrKhanhchauminhFFC61EFF-EFEA-42C5-92C2-E043FDF904D5
HistoryNov 15, 2021 - 1:32 p.m.

Open Redirect in star7th/showdoc

2021-11-1513:32:44
khanhchauminh
www.huntr.dev
9

0.001 Low

EPSS

Percentile

30.2%

JSON

Description

Open Redirect at login page due to unchecked “redirect” parameter.

Vulnerable parameter

redirect

Payload

/%09/google.com

Proof of Concept

Send users the following login link https://www.showdoc.com.cn/user/login?redirect=/%09/google.com
After users use their registered account to login, they will be redirected to google.com

Impact

By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Related

nvd 1
osv 2
cnvd 1
cvelist 1
veracode 1
github 1
prion 1
cve 1
nvd
nvd
CVE-2021-3989
2021-12-01 11:15:07
osv
osv
showdoc is vulnerable to URL Redirection to Untrusted Site
2021-12-03 20:41:35
CVE-2021-3989
2021-12-01 11:15:07
cnvd
cnvd
showdoc input validation error vulnerability
2021-12-02 00:00:00
cvelist
cvelist
CVE-2021-3989 Open Redirect in star7th/showdoc
2021-12-01 10:55:10
veracode
veracode
Open Redirect
2021-12-02 15:28:54
github
github
showdoc is vulnerable to URL Redirection to Untrusted Site
2021-12-03 20:41:35
prion
prion
Design/Logic Flaw
2021-12-01 11:15:00
cve
cve
CVE-2021-3989
2021-12-01 11:15:07

0.001 Low

EPSS

Percentile

30.2%

JSON
Related for FFC61EFF-EFEA-42C5-92C2-E043FDF904D5
nvd1osv2cnvd1cvelist1veracode1github1prion1cve1