Open redirection on secure.phabricator.com
Unknown
Vulnerability Details
Hi,
It is possible to redirect users to malicious websites and steal their Disqus access token (not possible in case of Facebook).
Please have a look at the POC video:
https://www.dropbox.com/s/41qm7lbj6rg53td/phabricator.mov
Please fix this and let me know if you need any information. It would be great if you can please copy the vulnerable link from the video.
Best Regards,
Anand Prakash
Report Stats
- Report ID: 25160
- State: Closed
- Substate: resolved
- Upvotes: 1