URL redirection flaw

Disclosed: 2014-08-30 07:20:16 By anandpingsafe To slack
Unknown
Vulnerability Details
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.

Steps to reproduce:

1) Go to this URL: https://slack.com/checkcookie?redir=http://www.likelo.com

Proper checks should be in place on the redir parameter so that it only allows redirects to slack.com URLs. Please have a look.

Best regards,
Anand
Report Stats
  • Report ID: 2622
  • State: Closed
  • Substate: resolved
  • Upvotes: 4
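
One way to implement the check the report asks for on the redir parameter, as an added example (not part of the original report and not Slack's code). The names safe_redirect_target, ALLOWED_HOST and FALLBACK, the https-only rule and the subdomain option are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOST = "slack.com"  # the only site the report says redir may target
FALLBACK = "/"              # assumed safe landing path for rejected values


def safe_redirect_target(redir, allow_subdomains=True):
    """Return redir if it stays on ALLOWED_HOST, otherwise FALLBACK."""
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse such
    # input instead of guessing how the client will reinterpret it.
    if not redir or redir != redir.strip() or "\\" in redir:
        return FALLBACK
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in redir):
        return FALLBACK
    try:
        parts = urlsplit(redir)
        host = parts.hostname  # lower-cased, without userinfo or port
        _ = parts.port         # raises ValueError on a malformed port
    except ValueError:
        return FALLBACK

    # Relative target: a same-site path starting with exactly one "/".
    # "//host/path" is scheme-relative and would leave the site.
    if not parts.scheme and not parts.netloc:
        if redir.startswith("/") and not redir.startswith("//"):
            return redir
        return FALLBACK

    # Absolute target: https only (assumption), no userinfo, exact host match
    # or a true subdomain. Substring or prefix checks are not enough.
    if parts.scheme != "https" or host is None:
        return FALLBACK
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    if host == ALLOWED_HOST:
        return redir
    if allow_subdomains and host.endswith("." + ALLOWED_HOST):
        return redir
    return FALLBACK


if __name__ == "__main__":
    # Constructed inputs; the first is the URL from the report.
    for value in ("http://www.likelo.com", "https://slack.com/checkcookie",
                  "/messages", "//example.test/", "https://slack.com.example.test/"):
        print(f"{value!r:40} -> {safe_redirect_target(value)!r}")
```

The handler would redirect to the returned value only, never to the raw parameter.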