oss-sec mailing list archives
Open Redirect in Tiny Tiny RSS (tt-rss)
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 3 Mar 2019 17:31:17 +0100
Hi,

Via my personal Bug Bounty program on hackerone I got a report about an open redirect in a publicly accessible instance of Tiny Tiny RSS I have running on a subdomain.

I'm aware that whether open redirects are vulnerabilities is debatable (which is also reflected in the discussion with tt-rss, but they fixed it nevertheless).

PoC:
https://[hostname]/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0

Report to tt-rss developers:
https://discourse.tt-rss.org/t/open-redirect-via-public-php/2077

Fix:
https://git.tt-rss.org/fox/tt-rss/commit/c68ac04020d85a296c784de18f8def3f365f9f6a

This was reported by Mariia Aleksandrova (zophi), I just forwarded the report to the tt-rss developers.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
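The PoC above works because the `return` parameter is placed into a Location header without being restricted to the site's own origin. The following is an added example of the kind of allowlist check that closes an open redirect of this shape; it is illustration written for this page, not code from the advisory, from the linked tt-rss commit, or from tt-rss itself. The function names, the `DEFAULT_LANDING` fallback and the sample inputs are assumptions constructed for the example. It goes slightly beyond the reported case by also rejecting the protocol-relative, backslash and percent-encoded variants that browsers treat as a foreign origin.

```python
"""Validate a post-login "return" parameter so it can only redirect within
the site.  Added example for this page; not tt-rss code.  The function
names, DEFAULT_LANDING and the sample inputs below are assumptions."""
from urllib.parse import urlsplit, unquote

DEFAULT_LANDING = "/"   # assumed fallback used when the target is rejected
MAX_LEN = 2048          # assumed upper bound on a sane return target


def is_safe_return_target(target: str) -> bool:
    """Accept only a same-origin, absolute-path target such as /index.php?x=1.

    Rejects anything a browser may resolve to a different origin:
      - absolute URLs            http://evil.com/
      - protocol-relative URLs   //evil.com/
      - backslash variants       /\\evil.com  (browsers normalise to //evil.com)
      - other schemes            javascript:alert(1)
      - control characters (header injection) and percent-encoded forms
        of all of the above.
    """
    if not target or len(target) > MAX_LEN:
        return False
    # Check both the raw value and the once-decoded value: a server or proxy
    # may decode %2f / %5c before the browser ever sees the Location header.
    for candidate in (target, unquote(target)):
        if any(ord(c) < 0x20 or ord(c) == 0x7F or c == "\\" for c in candidate):
            return False
        parts = urlsplit(candidate)
        if parts.scheme or parts.netloc:
            return False
        if not candidate.startswith("/") or candidate.startswith("//"):
            return False
    return True


def login_redirect_location(return_param, default=DEFAULT_LANDING) -> str:
    """Value to emit in the Location header after a successful login."""
    if return_param is not None and is_safe_return_target(return_param):
        return return_param
    return default


if __name__ == "__main__":
    # Constructed sample inputs: the decoded `return` value from the PoC,
    # a few attacker variants, and two legitimate in-site targets.
    for t in ["http://evil.com/", "//evil.com/", "/\\evil.com",
              "/%5cevil.com", "javascript:alert(1)",
              "/index.php", "/prefs.php?op=prefs#tab"]:
        print(f"{t!r:26} -> {login_redirect_location(t)!r}")
```

The check is deliberately an allowlist (absolute path on the current host) rather than a blocklist of known-bad prefixes: comparing the host of `urljoin(base, target)` against the site host is not enough on its own, because Python's URL parser does not treat `/\evil.com` as protocol-relative while browsers do, so the backslash and decoded-form checks are what keep that variant out.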
Current thread:
- Open Redirect in Tiny Tiny RSS (tt-rss) Hanno Böck (Mar 03)
- Re: Open Redirect in Tiny Tiny RSS (tt-rss) Mark Steward (Mar 03)