Submit #50339: Open Redirect in apinto-dashboard <= v1.1.0-beta via /login?callbackinfo

TitelOpen Redirect in apinto-dashboard <= v1.1.0-beta via /login?callback
Beschreibungrepo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` open /login?callback=//www.qq.com ![](https://c2.im5i.com/2022/11/01/Xr2UG.png) ![](https://c2.im5i.com/2022/11/01/Xrny6.png) login and then website jump to www.qq.com ![](https://c2.im5i.com/2022/11/01/XrYF5.png)
Benutzer
 Tomy (UID 34751)
Einreichung01.11.2022 12:03 (vor 4 Jahren)
Moderieren01.11.2022 16:35 (5 hours later)
StatusAkzeptiert
VulDB Eintrag212633 [eolinker apinto-dashboard /login callback Redirect]
Punkte17

ZurückÜbersichtWeiter

Want to know what is going to be exploited?

We predict KEV entries!