Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

/logout/?target=? opens up phishing possibilities #13310

Open
bakert opened this issue Nov 12, 2024 · 1 comment
Open

/logout/?target=? opens up phishing possibilities #13310

bakert opened this issue Nov 12, 2024 · 1 comment
Labels
triage Used by bot to label unlabeled tasks, will be removed automatically upon labeling

Comments

@bakert
Copy link
Member

bakert commented Nov 12, 2024
edited
Loading

Someone could form a link with a target that goes to their website (that looks like pdm or whatever).

I don't know what phishing you're going to do with pdm exactly given that all the players are penniless and we never ask you for anything worth phishing. But we should close the vulnerability on principle. Presumably we can either just use a path as target or ensure that target starts with https:://ourdomain?

Noticed by a bot on #13309 although that's not where the vulnerability was created.

There might be other target querystring params in other parts of the site, not sure.
@github-actions github-actions bot added the triage Used by bot to label unlabeled tasks, will be removed automatically upon labeling label Nov 12, 2024
@bakert
Copy link
Member Author

bakert commented Nov 12, 2024

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage Used by bot to label unlabeled tasks, will be removed automatically upon labeling
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bakert