Unvalidated redirect on user profile website

Disclosed: 2017-05-18 16:55:21 By roshanpty To zomato
Unknown
Vulnerability Details
The user profile redirect request is not properly validated. The presence of the parameter `t`, which is passed in the request, is verified, but the same value can be reused for any unauthenticated or authenticated user to redirect them to any website. A sample link is given below.

https://www.zomato.com/redirect?u=http%3A%2F%2Ftest.com&t=38dc43d5f007f4c5d974f6c74f065158&g=user-profile-website
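The defect described above is a token that proves "a redirect was issued" but is not bound to the destination in `u`. The following added example (not Zomato's code; secret, URLs and handler names are constructed for illustration) contrasts a presence-only check with an HMAC token computed over the exact destination, so a token captured from one link is rejected when `u` is swapped.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import parse_qs, quote

# Constructed placeholder secret for the example; a real service keeps this server-side.
SECRET = b"example-only-secret"


def sign_destination(u: str) -> str:
    """Issue a redirect token bound to one exact destination URL."""
    return hmac.new(SECRET, u.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_redirect_link(u: str) -> str:
    """Query string a site would emit for a legitimate profile-website redirect."""
    return f"u={quote(u, safe='')}&t={sign_destination(u)}&g=user-profile-website"


def _fields(query: str):
    q = parse_qs(query)
    return q.get("u", [None])[0], q.get("t", [None])[0]


def weak_redirect(query: str, issued_tokens: set) -> Optional[str]:
    """Behaviour the report describes: `t` must be present (here, previously issued),
    but nothing ties it to `u`, so one captured token redirects to any site."""
    u, t = _fields(query)
    if u is None or t not in issued_tokens:
        return None
    return u


def hardened_redirect(query: str) -> Optional[str]:
    """Recompute the HMAC over `u`; a token minted for another URL does not match."""
    u, t = _fields(query)
    if u is None or t is None:
        return None
    if not hmac.compare_digest(sign_destination(u), t):
        return None
    return u
```

The hardened handler still needs the usual scheme/host policy on `u` at issue time; binding only stops the token reuse the report describes.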
Report Stats
  • Report ID: 143265
  • State: Closed
  • Substate: informative
  • Upvotes: 1