Qlik Open Redirect

2015-04-07T00:00:00
ID PACKETSTORM:131319
Type packetstorm
Reporter Provensec
Modified 2015-04-07T00:00:00

Description

                                        
`# Affected software: Qlik  
# Type of vulnerability: open redirect  
# URL: qlik.com  
# Discovered by: Provensec  
# Website: provensec.com  
  
# Version: n/a  
# Proof of concept  
Vulnerable param: returnURL  
  
https://login.qlik.com/login.aspx?status=lol&returnURL=domain  
  
example:  
  
https://login.qlik.com/login.aspx?status=lol&returnURL=http%3a%2f%2fgoogle.com%2f  
  
--   
  
Best Regards,  
Ankit Bharathan /*Security Researcher*  
ankit.b@provensec.com  
  
Provensec,llc  
http://provenec.com  
`
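
A server-side check for the `returnURL` parameter that rejects the redirect shown in the proof of concept, added here as an example (it is not code from the advisory or from Qlik). The allow-list, the fallback target `/` and the function names are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts the login page may send users back to (hypothetical list).
ALLOWED_HOSTS = {"login.qlik.com", "qlik.com"}
DEFAULT_TARGET = "/"  # assumption: where to go when returnURL is rejected


def safe_return_url(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `value` if it is a safe post-login target, otherwise `default`."""
    if not value or value != value.strip():
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs,
    # so a value containing either can parse differently than it navigates.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: a rooted path only, never "//host" (scheme-relative).
        ok = value.startswith("/") and not value.startswith("//")
        return value if ok else default
    # Absolute target: https, default port, no userinfo, exact host match.
    if parts.scheme != "https" or "@" in parts.netloc or port not in (None, 443):
        return default
    return value if parts.hostname in allowed_hosts else default


def redirect_target_for(login_url):
    """Extract returnURL from a login URL (key matched case-insensitively,
    since the advisory writes both 'returnurl' and 'returnURL') and validate it."""
    query = parse_qs(urlsplit(login_url).query)
    values = [v[0] for k, v in query.items() if k.lower() == "returnurl"]
    return safe_return_url(values[0] if values else None)


if __name__ == "__main__":
    # The example URL from the advisory: the external target is replaced by "/".
    poc = ("https://login.qlik.com/login.aspx"
           "?status=lol&returnURL=http%3a%2f%2fgoogle.com%2f")
    print(redirect_target_for(poc))
    # Constructed inputs: a same-site path and an allow-listed absolute URL pass.
    print(safe_return_url("/account/profile"))
    print(safe_return_url("https://qlik.com/products"))
```
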