Redirect URL after email dialog not verified #128

Closed
Studio384 opened this issue Aug 16, 2013 · 0 comments

As described in this vulnerability report, the redirect_url field, which is used for sending the user back to where they came from, is not verified properly. This would allow attackers to use misc.php to redirect users to any URL on the internet.

It's sad that they decided to make this public without disclosing it to the developers first...

http://fluxbb.org/development/core/tickets/875/

@ghost ghost assigned Studio384 Aug 16, 2013
@Studio384 Studio384 mentioned this issue Sep 14, 2013
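
An added example, not part of the original issue and not the project's actual fix: one way to validate a `redirect_url` value against the forum's own origin before redirecting. The function name `safe_redirect_target`, the `forum.example` base URL and the sample inputs are hypothetical.

```php
<?php
// Added example; safe_redirect_target() is a hypothetical helper, not project code.
function safe_redirect_target(string $candidate, string $base_url, string $fallback): string
{
    // Control characters enable header injection; some browsers treat
    // backslashes as slashes ("/\host"), so both are refused.
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    $base = parse_url($base_url);
    $target = parse_url($candidate);
    if (!is_array($base) || !is_array($target) || !isset($base['scheme'], $base['host'])) {
        return $fallback;
    }
    // Accept only absolute http(s) URLs without credentials; relative and
    // protocol-relative ("//host") values have no scheme and are refused.
    if (!isset($target['scheme'], $target['host']) || isset($target['user']) || isset($target['pass'])) {
        return $fallback;
    }
    $ports = ['http' => 80, 'https' => 443];
    $t_scheme = strtolower($target['scheme']);
    $b_scheme = strtolower($base['scheme']);
    if (!isset($ports[$t_scheme]) || $t_scheme !== $b_scheme) {
        return $fallback;
    }
    // Same origin: scheme, host and effective port must all match.
    $same_host = strtolower($target['host']) === strtolower($base['host']);
    $same_port = ($target['port'] ?? $ports[$t_scheme]) === ($base['port'] ?? $ports[$b_scheme]);
    return ($same_host && $same_port) ? $candidate : $fallback;
}

// Constructed sample values for illustration.
$base = 'https://forum.example';
$fallback = $base . '/index.php';
$samples = [
    'https://forum.example/viewtopic.php?id=5',
    'https://evil.example/',
    '//evil.example/',
    'https://forum.example@evil.example/',
    'https://forum.example.evil.example/',
];
foreach ($samples as $s) {
    echo $s, ' => ', safe_redirect_target($s, $base, $fallback), PHP_EOL;
}
```

Comparing the parsed host exactly, rather than checking that the value starts with or contains the base URL, is what rejects the last two samples.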