Open redirect at mc-beta-cloud-acronis.com
Acronis
Reported by
angeltsvetkov
Vulnerability Details
Technical details and impact analysis
Open Redirect Vulnerability
Steps To Reproduce:
Type in this URL:
https://mc-beta-cloud.acronis.com/api/2/idp/authorize?client_id=f2e82dbb-78af-4b5b-bc7f-651d4f42a722&redirect_uri=%2Fbc%2Fapi%2Fgateway%2Fcb&response_type=code&scope=offline_access+openid+profile+email&state=http://evil.com&nonce=yhokbempqmmqllfbwpsfzfmf
You get redirected to evil.com
Parameter: state
## Impact
An attacker can use this vulnerability to redirect users to other malicious websites, which can be used for phishing and similar attacks.
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Open Redirect
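A server-side mitigation for the behaviour reported above, as an added example that is not part of the original report or of Acronis's code: the post-login return location is kept on the server and `state` on the wire is only an opaque one-time token, with a same-origin path check as a second layer. It assumes the application uses `state` to carry a return location; `safe_local_path`, `StateStore` and `FALLBACK` are hypothetical names.

```python
import secrets
from urllib.parse import urlsplit

FALLBACK = "/"  # assumed default landing page after login


def safe_local_path(target, fallback=FALLBACK):
    """Return target only if it is a same-origin absolute path, else fallback."""
    if not isinstance(target, str) or not target.startswith("/"):
        return fallback
    # Browsers treat "//host" and "/\host" as scheme-relative URLs.
    if target.startswith("//") or "\\" in target:
        return fallback
    # Browsers drop tab/CR/LF before parsing, so reject all control characters.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return fallback
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return fallback
    return target


class StateStore:
    """Maps an opaque random state token to a validated return path."""

    def __init__(self):
        self._pending = {}

    def issue(self, return_to):
        # Called before sending the user to the authorize endpoint.
        token = secrets.token_urlsafe(32)
        self._pending[token] = safe_local_path(return_to)
        return token

    def redeem(self, state):
        # Called in the callback: one-time use, unknown state gets the fallback.
        return self._pending.pop(state, FALLBACK)


if __name__ == "__main__":
    store = StateStore()
    token = store.issue("/bc/home")          # constructed sample path
    print(store.redeem(token))               # stored path
    print(store.redeem("http://evil.com"))   # attacker-supplied state
```
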