OPEN URL REDIRECT through PNG files
Medium
Khan Academy
Team Summary
Official summary from Khan Academy
An abuse of the image_url parameter when saving a CS program was able to create an arbitrary external redirect. We now validate the parameter before using it.
Reported by: dineshvicky
Report Details
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Generic