Vulnerability Report (URL Redirection) Open Redirect

Weakness:      Open Redirect
Link:          https://hackerone.com/reports/307268
By:            @pankajj736

Details: Vulnerability Name: URL Redirection

Vulnerability Details: This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. This vulnerability affects the web server.

Vulnerable URL: docs.gitlab.com//bing.com/%2e%2e

Vulnerable Item: /(uri)

How to reproduce this vulnerability: Please follow the video given in the attachment.

1-> Set / to any website, e.g. /bing.com/%2e%2e, for example docs.gitlab.com//bing.com/%2e%2e

2-> It will redirect to that website

POC: Response: Video enclosed in attachment.

I hope this will be fixed very soon.

Impact

Vulnerability Name: URL Redirection

Vulnerability Details: This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. This vulnerability affects the web server.
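
The reported URL uses a path that begins with `//`, which a browser resolves as a reference to another host when it is used as a redirect target. The following is an added example, not part of the original report or of GitLab's code: a server-side check that resolves a candidate redirect target the way a browser does and only lets same-origin targets through. The function names, `SITE_ORIGIN` and the sample paths in the test are assumptions made for illustration.

```javascript
// Added example (not from the report): validate a redirect target built from a request path.
// SITE_ORIGIN is an assumed value; resolveRedirect and safeLocalPath are hypothetical helpers.
const SITE_ORIGIN = "https://docs.gitlab.com";

// Resolve a redirect target with the WHATWG URL parser (the algorithm browsers use)
// and report which origin the visitor would actually land on.
function resolveRedirect(location, origin = SITE_ORIGIN) {
  let resolved;
  try {
    resolved = new URL(location, origin);
  } catch {
    return { safe: false, reason: "unparseable", landsOn: null };
  }
  if (resolved.origin !== new URL(origin).origin) {
    // "//host/..." and "/\host/..." both end up here: the parser treats them as a new authority.
    return { safe: false, reason: "off-site", landsOn: resolved.origin };
  }
  return { safe: true, reason: "same-origin", landsOn: resolved.origin };
}

// Turn a request path into a redirect target that can only stay on this site.
function safeLocalPath(requestPath) {
  // Collapse any run of leading slashes or backslashes into a single "/".
  const local = "/" + String(requestPath).replace(/^[\/\\]+/, "");
  // Re-check after normalising: the parser strips tabs and newlines, so a value
  // such as "/<TAB>/host" would otherwise become "//host" again.
  return resolveRedirect(local).safe ? local : "/";
}
```

Running `resolveRedirect` over redirect targets logged by the web server is also a quick way to find requests that would have sent visitors off-site.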