[EE] Spoof the redirect process
Low
ExpressionEngine
Team Summary
Official summary from ExpressionEngine
The original report was not a security issue, but that did lead the reporter to discovering that a user could potentially be tricked by nesting redirects so that they first redirected to the site itself, which would allow the second redirect to occur without warning the user that they were being taken off-site.

```
https://example.com/?URL=https://example.com/?URL=http://evil.com
```
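A defender-side sketch of the check this summary calls for, added here as an example and not ExpressionEngine's own code: it compares a warning decision based only on the immediate redirect target with one that follows the nested `URL` parameters to the end of the chain. `SITE_HOST`, `MAX_HOPS` and all function names are assumptions for illustration; the sample URL is the one from the summary.

```python
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "example.com"  # assumption: the site's own host, as in the summary's URL
REDIRECT_PARAM = "URL"     # parameter name taken from the summary's URL
MAX_HOPS = 5               # assumption: cap on how deep nesting may go


def is_offsite(target: str) -> bool:
    """True when target is not an http(s) URL on SITE_HOST or a relative path."""
    try:
        parts = urlsplit(target)
    except ValueError:
        return True  # unparseable targets are treated as off-site
    if not parts.scheme and not parts.netloc:
        return False  # plain relative path stays on the site
    return parts.scheme not in ("http", "https") or parts.hostname != SITE_HOST


def next_hop(url: str):
    """Return the redirect target carried in url's query string, or None."""
    try:
        values = parse_qs(urlsplit(url).query).get(REDIRECT_PARAM)
    except ValueError:
        return None
    return values[0] if values else None


def first_hop_only(target: str) -> bool:
    """Model of the weak decision: warn based on the immediate target alone."""
    return is_offsite(target)


def chain_check(target: str) -> bool:
    """Warn if any hop in the nested chain leaves the site; fail closed on depth."""
    for _ in range(MAX_HOPS):
        if is_offsite(target):
            return True
        target = next_hop(target)
        if target is None:
            return False  # chain ended on the site
    return True  # nesting deeper than MAX_HOPS: warn rather than guess


if __name__ == "__main__":
    request = "https://example.com/?URL=https://example.com/?URL=http://evil.com"
    target = next_hop(request)
    print("first hop only warns:", first_hop_only(target))
    print("chain check warns:  ", chain_check(target))
```

The same chain walk can run at redirect time on every hop; the point is that an on-site target that itself carries a redirect parameter is not a safe destination by virtue of its host alone.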
Reported by
flex0geek
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Open Redirect