Vulnerability Report (URL Redirection) Open Redirect
Weakness: Open Redirect
Link: https://hackerone.com/reports/307268
By: @pankajj736
Details: Vulnerability Name: URL Redirection
Vulnerability Details: This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. This vulnerability affects the web server.
Vulnerable URL: docs.gitlab.com//bing.com/%2e%2e
Vulnerable Item: /(uri)
How to reproduce this vulnerability: Please follow the video given in the attachment.
1. Set / to any website, e.g. /bing.com/%2e%2e, for example docs.gitlab.com//bing.com/%2e%2e
2. It will redirect to that website.
POC: Response: Video enclosed in attachment.
I hope this will be fixed very soon.
Impact
Vulnerability Name: URL Redirection
Vulnerability Details: This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting. This vulnerability affects the web server.
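
A server-side check for the redirect described in this report, added here as an example and not part of the original report or of GitLab's code. It assumes the redirect's `Location` value is built from the request path, which the report does not state; `docs.example.test` and the function names are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urljoin, urlsplit

OWN_HOST = "docs.example.test"  # constructed site name (assumption)


def resolved_host(location: str, own_host: str = OWN_HOST) -> str:
    """Return the host a browser lands on when following `location`."""
    # Browsers treat "\" like "/" in http(s) URLs and drop tab/CR/LF,
    # so apply the same clean-up before resolving.
    cleaned = location.replace("\\", "/")
    cleaned = "".join(ch for ch in cleaned if ch not in "\t\r\n").strip()
    # Resolve against our own origin: "//host/..." is protocol-relative
    # and replaces the host, which is the case shown in the report.
    target = urlsplit(urljoin(f"https://{own_host}/", cleaned))
    return (target.hostname or "").lower()


def is_same_site_redirect(location: str, own_host: str = OWN_HOST) -> bool:
    """True only if the redirect target stays on our own host."""
    return resolved_host(location, own_host) == own_host.lower()


def safe_local_path(request_path: str) -> str:
    """Reduce a request path to a value that is safe to echo in Location."""
    decoded = unquote(request_path).replace("\\", "/")  # %2e%2e -> ..
    # Force exactly one leading slash, then collapse "x/.." and inner "//".
    # (normpath also drops a trailing slash.)
    return posixpath.normpath("/" + decoded.lstrip("/"))


if __name__ == "__main__":
    reported = "//bing.com/%2e%2e"  # path from the report
    for candidate in (reported, "/\\bing.com/", "/ee/index.html"):
        print(f"{candidate!r:24} -> host {resolved_host(candidate)!r}, "
              f"same-site={is_same_site_redirect(candidate)}")
    print("normalized:", safe_local_path(reported))
```

Either control is sufficient on its own: normalize the path before it reaches the redirect logic, or refuse to emit a `Location` whose resolved host differs from the site's own.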