Open redirect while disconnecting Email
Unknown
Vulnerability Details
Hi team,
There is an open redirect endpoint that is hit when an account owner disconnects an email account: the owner is redirected to another domain.
Vulnerable URL
https://demo.weblate.org/accounts/disconnect/email/2354/?next=http://google.com
POC
Steps:
Go to the authentication tab.
Disconnect an email account and capture the request.
Now, after next= write https://evil.com.
You are redirected to evil.com.
Thanks,
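A defender-side check for the next parameter, added here as an example and not Weblate's own code: it accepts only relative paths on the site or absolute URLs whose host is on an explicit allow list, and rejects the shapes that turn such a parameter into an open redirect (foreign hosts, scheme-relative //host, backslash variants, userinfo tricks, non-http schemes). The hostname demo.weblate.org comes from the report; the fallback path and allow list are constructed for the example.

```python
"""Safe handling of a ?next= redirect parameter (added example, not Weblate code)."""
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_NEXT = "/accounts/profile/"  # constructed fallback location, not from the report


def is_safe_redirect(target: str, allowed_hosts: frozenset) -> bool:
    """Return True only if `target` stays on this site or an allowed host."""
    if not target or not target.strip():
        return False
    # Browsers treat a leading backslash like a slash, so "/\evil.com"
    # becomes "//evil.com", a scheme-relative URL to a foreign host.
    target = target.replace("\\", "/")
    if target.startswith("//"):
        return False
    # Control characters can make different layers parse the URL differently.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        # Absolute URL: scheme must be http(s) and the host must be allowed.
        # "http:///evil.com" has no netloc here but browsers open evil.com,
        # so an empty hostname is rejected along with foreign ones.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "").lower() in allowed_hosts
    if parts.netloc:
        return False  # only reachable via "//", already rejected above
    # A plain site-relative path such as "/accounts/profile/" is safe.
    return target.startswith("/")


def resolve_next(target: Optional[str], allowed_hosts: frozenset) -> str:
    """Pick the post-disconnect redirect, falling back to a fixed local path."""
    if target is not None and is_safe_redirect(target, allowed_hosts):
        return target
    return DEFAULT_NEXT


if __name__ == "__main__":
    allowed = frozenset({"demo.weblate.org"})
    for candidate in ("/accounts/profile/", "http://google.com", "//evil.com", "/\\evil.com"):
        print(f"{candidate!r:28} -> {resolve_next(candidate, allowed)}")
```

In a Django application the equivalent stdlib helper is django.utils.http.url_has_allowed_host_and_scheme, which should be applied to any user-supplied next value before redirecting.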
- Report ID: 238117
- State: Closed
- Substate: resolved
- Upvotes: 5