PT-2018-12926 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.12. Description: The issue allows remote attackers to redirect users to arbitrary websites, potentially leading to phishing attacks. This is achieved via an initial / substring in the redirect_to parameter. The...
GitLab: [Repository Import] Open Redirect via "continue[to]" parameter
Hi, while experimenting with the Repository Import functionality on a fresh GitLab 9.0 CE install, I noticed that the continue[to] parameter can be used to perform an Open Redirect through the inclusion of a double-slash prefix. Proof of Concept: The following Proof of Concept URL enables a malicious...