Open Redirection while saving User account Settings
Medium
Vulnerability Details
Hi team,
I got an open redirection while saving account settings. This could lead to serious issues.
**Endpoint:** https://moneybird.com/user/edit?return_to=//evil.com
## Reproduce
* Visit https://moneybird.com/user/edit?return_to=//evil.com and click on `Save`.
* You will be taken to evil.com.
## Impact
An attacker can easily redirect a user to a fake login page to get his login and other sensitive info.
Thanks.
Report Stats
- Report ID: 288219
- State: Closed
- Substate: resolved
- Upvotes: 26
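
The `return_to=//evil.com` value in the report is a protocol-relative URL, which a browser resolves to a different host. The following is an added example, not part of the report and not Moneybird's code, of a server-side check that accepts only same-site paths before redirecting; the function name `safe_return_to` and the fallback path `/` are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical fallback used when the supplied value is rejected (assumption).
DEFAULT_PATH = "/"


def safe_return_to(value, default=DEFAULT_PATH):
    """Return `value` only if it is a same-site absolute path, else `default`."""
    if not isinstance(value, str) or not value:
        return default
    # Browsers treat "\" like "/" and drop tab/CR/LF while parsing a URL,
    # so "/\evil.com" or "/\t/evil.com" can still end up on another host.
    # Reject these characters instead of trying to normalise them.
    if "\\" in value or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return default
    # Require exactly one leading slash: "/path" is local, while "//host"
    # is protocol-relative and "https://host" is absolute.
    if not value.startswith("/") or value.startswith("//"):
        return default
    parts = urlsplit(value)
    # Defence in depth: a local path never parses with a scheme or a host.
    if parts.scheme or parts.netloc:
        return default
    return value


# Constructed sample inputs, including the value from the report.
SAMPLES = [
    "//evil.com",            # value from the report
    "https://evil.com/",     # absolute URL
    "/\\evil.com",           # backslash variant
    "/\t/evil.com",          # control character variant
    "/invoices?page=2",      # legitimate same-site path (constructed)
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:24} -> {safe_return_to(sample)!r}")
```
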