Open redirect on https://tt.hboeck.de
Low
Vulnerability Details
Hi Team!
Testing request:
```
POST /public.php?return=%2F HTTP/1.1
Host: tt.hboeck.de
...........
op=login&login={….}&password={...}&profile=0
```
Vulnerable parameter: `return`
Method: `POST` -> `GET` -> OK
POC:
`https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0`
## Impact
User can be redirected to a malicious site.
Report Stats
- Report ID: 503922
- State: Closed
- Substate: resolved
- Upvotes: 25
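
A server-side check for the `return` parameter, as an added example that is not part of the original report or the affected application's code: it accepts only paths on the same site and falls back to a default otherwise. The function names, the `/` default and the sample URLs marked constructed are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumption: landing page used when `return` is rejected


def return_param(url):
    """Extract the percent-decoded `return` query parameter from a request URL."""
    values = parse_qs(urlsplit(url).query).get("return", [])
    return values[0] if values else ""


def safe_return_target(raw, default=DEFAULT_TARGET):
    """Return `raw` only if it is a path on this site, otherwise `default`."""
    if not raw:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/" when resolving a URL,
    # so reject those characters instead of trying to normalise them.
    if "\\" in raw or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return default
    # Exactly one leading "/": "//host/" is scheme-relative and leaves the site.
    if not raw.startswith("/") or raw.startswith("//"):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:
        return default
    # Defence in depth: the value must not parse with a scheme or a host.
    if parts.scheme or parts.netloc:
        return default
    return raw


# The two `return` values from the report, plus constructed variants.
SAMPLES = [
    "https://tt.hboeck.de/public.php?return=%2F",                       # report: normal login
    "https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f",  # report: PoC value
    "https://tt.hboeck.de/public.php?return=%2F%2Fevil.com%2F",         # constructed
    "https://tt.hboeck.de/public.php?return=%2F%5Cevil.com%2F",         # constructed
    "https://tt.hboeck.de/public.php?return=%2Fsome%2Fpage%3Fx%3D1",    # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        raw = return_param(url)
        print(f"{raw!r:28} -> {safe_return_target(raw)!r}")
```
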