Open redirect on the https://tt.hboeck.de

Low
Hanno's projects
Submitted None

Team Summary

Official summary from Hanno's projects

Reporter discovered an open redirect in an installation of tt-rss (Tiny Tiny RSS). While low impact, it was a valid issue. It's been reported to the tt-rss project and fixed there: https://git.tt-rss.org/fox/tt-rss/commit/c68ac04020d85a296c784de18f8def3f365f9f6a

Reported by zophi

Vulnerability Details

Technical details and impact analysis

Open Redirect
Hi Team!

Testing request:

```
POST /public.php?return=%2F HTTP/1.1
Host: tt.hboeck.de
...........

op=login&login={….}&password={...}&profile=0
```

Vulnerable parameter: `return`

Method: `POST` -> `GET` -> OK

POC: `https://tt.hboeck.de/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0`

## Impact

User can be redirected to a malicious site.
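
A server-side check that rejects the decoded `return` value from the PoC above, as an added example that is not part of the report and is not the tt-rss fix. The function name `safe_return_path`, the policy of allowing only same-site paths, and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not tt-rss code: validate a post-login "return" target.
// Assumed policy: only absolute paths on the same site are accepted;
// anything else falls back to a fixed default.

function safe_return_path(?string $return, string $default = '/'): string
{
    if ($return === null || $return === '') {
        return $default;
    }
    // Control characters (CR, LF, tab, NUL) do not belong in a redirect
    // target; browsers drop some of them, so "/<tab>/host" can become "//host".
    if (preg_match('/[\x00-\x1f\x7f]/', $return)) {
        return $default;
    }
    // Must start with a single "/". This rejects absolute URLs such as
    // "http://evil.com/" and any other scheme.
    if ($return[0] !== '/') {
        return $default;
    }
    // "//host" is scheme-relative, and browsers treat "/\host" the same way.
    if (strlen($return) > 1 && ($return[1] === '/' || $return[1] === '\\')) {
        return $default;
    }
    return $return;
}

// Constructed sample inputs. The first is the decoded value of the
// report's PoC parameter; the rest are common variants of the same issue.
$samples = [
    'http://evil.com/',
    '/',
    '/index.php?view=1',
    '//evil.com/',
    '/\\evil.com/',
    "/\t/evil.com/",
    '',
];

foreach ($samples as $s) {
    $shown = json_encode($s, JSON_UNESCAPED_SLASHES);
    printf("%-24s -> %s\n", $shown, safe_return_path($s));
}
```

The value returned by `safe_return_path` is what would go into the `Location` header; the raw request parameter is never echoed into it.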

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Open Redirect