[idp.fr.cloud.gov] Open Redirect
Low
GSA Bounty
Reported by
bobrov
Vulnerability Details
Technical details and impact analysis
**Description:** Open Redirect
**Domain:** idp.fr.cloud.gov
**Steps To Reproduce:**
Open URL:
```
https://idp.fr.cloud.gov//blackfan.ru/..;/css
```
**HTTP Response**
```
HTTP/1.1 302 Found
...
Location: //blackfan.ru/..;/css/
...
```
## Impact
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Report Details
Additional information and metadata
**State:** Closed
**Substate:** Resolved
**Bounty:** $150.00
**Weakness:** Open Redirect
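An added example, not part of the original report and not cloud.gov's code: the JavaScript below uses the WHATWG URL parser (the rules browsers apply to a `Location` header) to show that the value in the response above resolves to a different origin, and shows one way to build a trailing-slash redirect that stays on the issuing host. The function names `resolveRedirect` and `trailingSlashLocation` are assumptions made for this illustration; the sample URL and header value are the ones quoted in the report.

```javascript
// Added example: defensive check and hardened redirect builder (hypothetical names).

// Resolve a Location header the way a browser does and report whether
// following it would leave the origin that issued the redirect.
function resolveRedirect(requestUrl, location) {
  const base = new URL(requestUrl);
  const target = new URL(location, base);
  return { target: target.href, offOrigin: target.origin !== base.origin };
}

// Build the Location for an "append a trailing slash" redirect from the raw
// request path. A value starting with "//" (or "/\", which browsers treat the
// same for http/https) is scheme-relative, so its first segment becomes the
// host. Collapsing the leading run to a single "/" keeps it a path.
function trailingSlashLocation(rawPath) {
  // URL parsers drop tab/CR/LF, so remove them before looking at the prefix.
  const cleaned = rawPath.replace(/[\t\r\n]/g, '');
  const path = '/' + cleaned.replace(/^[\/\\]+/, '');
  return path.endsWith('/') ? path : path + '/';
}

// Sample input taken from the report above.
const REQUEST_URL = 'https://idp.fr.cloud.gov//blackfan.ru/..;/css';
const REPORTED_LOCATION = '//blackfan.ru/..;/css/';

function demo() {
  const reported = resolveRedirect(REQUEST_URL, REPORTED_LOCATION);
  const fixedLocation = trailingSlashLocation('//blackfan.ru/..;/css');
  const fixed = resolveRedirect(REQUEST_URL, fixedLocation);
  return { reported, fixedLocation, fixed };
}

console.log(JSON.stringify(demo(), null, 2));
```

The same `resolveRedirect` check can be run in a regression test against any handler that reflects the request path into `Location`.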