| Title | LinuxOSsk Shakal-NG 1.3.3 Open Redirect |
|---|---|
| Description | The code uses the user-controlled next parameter as the redirect target. Because next is not validated, an attacker can craft a link that sends users to a malicious website after they submit the form.
First, the Reply view redirects to the POST parameter next without validation:
```
# comments/urls.py (line 10):
path('odpovedat/<int:parent>/', views.Reply.as_view(), name='reply'),
# comments/views.py (line 97):
next_url = self.request.POST.get('next', '')
# comments/views.py (line 100):
return http.HttpResponseRedirect(next_url + '#link_' + str(comment.pk))
```
Second, the Watch view does the same with the POST parameter next:
```
# comments/urls.py (line 12):
path('sledovat/<int:pk>/', views.Watch.as_view(), name='watch'),
# comments/views.py (line 140):
def post(self, request, **kwargs):
# comments/views.py (line 152):
return HttpResponseRedirect(request.POST['next'])
```
Third, the Forget view redirects to the GET parameter next, so a single crafted link is enough:
```
# comments/urls.py (line 13):
path('zabudnut/<int:pk>/', views.Forget.as_view(), name='forget'),
# comments/views.py (line 161):
def get(self, request, **kwargs):
# comments/views.py (line 165):
return HttpResponseRedirect(request.GET['next'])
```
Safety advice:
Verify the next parameter: make sure that next points only to a predefined, safe set of URLs, or validate it against an allowlist of acceptable values.
Use framework helpers: if the Django framework is being used, consider Django's is_safe_url or a similar method to check that the URL is safe to redirect to.
Encoded output: ensure that the redirect target URL is properly encoded so that it cannot be used for injection attacks.
Logging: log the relevant details before redirecting so that a security incident can be traced and debugged afterwards.
Error handling: if next_url is invalid or points to an untrusted address, handle that case explicitly rather than simply redirecting. |
| Source | https://github.com/LinuxOSsk/Shakal-NG/issues/202 |
| User | zihe (UID 56943) |
| Submission | 08/31/2024 02:59 PM |
| Moderation | 09/04/2024 10:43 AM (4 days later) |
| Status | Accepted |
| VulDB entry | 276492 [LinuxOSsk Shakal-NG up to 1.3.3 comments/views.py Next redirect] |
| Points | 20 |
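The validation the safety advice calls for, as an added example that is not Shakal-NG's code: a stand-alone check with the same rules as Django's url_has_allowed_host_and_scheme (the successor of is_safe_url since Django 3.0), plus a helper that falls back to a fixed on-site URL when next fails the check. The allowed host and the sample URLs are constructed for the example.

```python
from urllib.parse import urlparse

def is_safe_next(url: str, allowed_hosts: set, require_https: bool = False) -> bool:
    """True only if url is a relative path or on an allowed host, with an http(s) scheme."""
    if not url:
        return False
    # Surrounding whitespace and control characters let browsers reinterpret the
    # value (they strip them from "java\tscript:"), so reject them outright.
    if url.strip() != url or any(c in url for c in "\r\n\t"):
        return False
    # Browsers treat "/\evil.example" like "//evil.example", so the value must pass
    # both as written and with backslashes normalised to slashes (as Django does).
    return (_host_and_scheme_ok(url, allowed_hosts, require_https)
            and _host_and_scheme_ok(url.replace("\\", "/"), allowed_hosts, require_https))

def _host_and_scheme_ok(url: str, allowed_hosts: set, require_https: bool) -> bool:
    parsed = urlparse(url)
    # A scheme-relative URL ("//evil.example") has no scheme but still leaves the site.
    if not parsed.netloc and url.startswith("//"):
        return False
    # A bare path ("/forum/1#link_5") stays on-site; anything with a host must match.
    if parsed.netloc and parsed.hostname not in allowed_hosts:
        return False
    valid_schemes = {"https"} if require_https else {"http", "https"}
    return not parsed.scheme or parsed.scheme in valid_schemes

def redirect_target(next_url: str, fallback: str, allowed_hosts: set) -> str:
    """Hardened form of the views above: redirect to next only if it is safe."""
    # In a Django view the same decision is
    #   url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()})
    return next_url if is_safe_next(next_url, allowed_hosts) else fallback

# Constructed sample values for the example (not from the report).
SITE_HOSTS = {"forum.example.sk"}
CHECKS = {
    "/forum/1#link_5": True,               # relative path, stays on-site
    "https://forum.example.sk/t/1": True,  # absolute URL on our own host
    "//evil.example/": False,              # scheme-relative, leaves the site
    "/\\evil.example": False,              # backslash variant of the above
    "javascript:alert(1)": False,          # non-http scheme
    "": False,                             # empty next must not redirect to "#link_..."
}

if __name__ == "__main__":
    for url, expected in CHECKS.items():
        assert is_safe_next(url, SITE_HOSTS) == expected, url
    print(redirect_target("//evil.example/", "/", SITE_HOSTS))  # -> "/"
```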