politis.fr Open Redirect vulnerability

Description

Open Bug Bounty ID: OBB-1158118

Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

Affected Website:| **[politis.fr](<https://www.politis.fr>)**
---|---
Vulnerable Application:| Custom Code
Vulnerability Type:| **[Open Redirect](<https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet>)** / CWE-601
CVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N]
Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines
Discovered and Reported by:| **hacker22385**
Remediation Guide:| **[OWASP Open Redirect Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md>)**
Vulnerable URL:| [image not preserved]

**Mirror:** [Click here to view the mirror](<http://1158118.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

Vulnerability Reported:| 9 May, 2020 16:04 GMT
---|---
Vulnerability Verified:| 9 May, 2020 16:14 GMT
Website Operator Notified:| 9 May, 2020 16:14 GMT

a. Using the ISO 29147 guidelines| Done
---|---
b. Using publicly available security contacts| Done
c. Using Open Bug Bounty notification framework| Done
d. Using security contacts provided by the researcher| Done

Public Report Published [without any technical details]:| 9 May, 2020 16:14 GMT
---|---