Summary by AndreaAmaddio
Open redirect vulnerability: Unvalidated_redirects_and_forwards.open_redirect.get_based
Open Redirect on https://www.sac.vrl.com.au
Disclosed by AndreaAmaddio- Engagement Village Roadshow Vulnerability Disclosure Program
- Disclosed date 11 months ago
- Priority P4 Bugcrowd's VRT priority rating
- Status Resolved This vulnerability has been accepted and fixed
Report details
-
Submitted
-
Target Location
*.vrl.com.au -
Target category
Web App
-
VRT
Unvalidated Redirects and Forwards > Open Redirect > GET-Based -
Priority
P4 -
Bug URL
https://sac.vrl.com.au/sap/public/bc/icf/logoff?redirecturl=https://www.google.com -
Description
User can be redirect to malicious site
POC: https://sac.vrl.com.au/sap/public/bc/icf/logoff?redirecturl=https://www.google.com
I hope you know the impact of open redirect and more info refer
https://cwe.mitre.org/data/definitions/601.htmlImpact
User can be redirect to malicious site.