smlogin.aa.com Open Redirect vulnerability

2017-05-18T01:12:00
ID OBB:238570
Type openbugbounty
Reporter Jack
Modified 2017-08-10T15:16:00

Description

Vulnerable URL:
https://smlogin.aa.com/siteminderagent/SmMakeCookie.ccc?SMSESSION=QUERY&PERSIST;=0⌖=$SM$//www.openbugbounty.org//%2F%2E%2E&usg;=AFQjCNEZdCihOgpj9Vl30Qd8cuz33EzEyA
Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| Open Redirect
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check smlogin.aa.com SSL connection:| (Grade: A)

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability submitted via Open Bug Bounty| 18 May, 2017 01:12 GMT
Vulnerability existence verified and confirmed| 18 May, 2017 15:12 GMT
Notification sent to subscribers (without technical details)| 18 May, 2017 18:17 GMT
Generic security notifications sent to website owner| 27 May, 2017 03:50 GMT
Vulnerability details disclosed by researcher| 10 August, 2017 15:16 GMT