| Field | Value |
|---|---|
| Title | PHPGurukul COVID-19 Testing Management System 2021 version Open Redirection |
| Description | The search-report-result.php endpoint of the COVID-19 Testing Management System is vulnerable to open redirection. The application accepts a user-supplied URL parameter and redirects users without proper validation. This allows attackers to craft malicious URLs that redirect victims to external, potentially malicious websites. (Affected endpoint, impact and fix recommendation are listed below the table.) |
| Source | ⚠️ https://targetsite.com/search-report-result.php |
| User | Anzil (UID 86393) |
| Submitted | 2025-06-10 09:06 AM (10 months ago) |
| Moderation | 2025-06-19 09:22 AM (9 days later) |
| Status | Accepted |
| VulDB entry | 313290 [PHPGurukul COVID19 Testing Management System 2021 search-report-result.php q Redirect] |
| Points | 17 |

Affected Endpoint:

- /search-report-result.php?q=https://example.com

Impact:

An attacker can:

- Redirect users to phishing pages or malware-infected sites
- Exploit the trust of the original domain (used in phishing attacks)
- Bypass redirect-based access control or filtering mechanisms

Fix Recommendation:

- Validate redirect URLs against a whitelist of allowed domains
- Reject or sanitize external URLs
- Use relative paths for internal redirection
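The fix recommendation above, as an added PHP example (not the project's own code): a helper that accepts the `q` parameter only when it is a site-relative path or an absolute http(s) URL whose host is on an allow-list, and otherwise falls back to a fixed landing page. The allow-list host `covid-test.example`, the fallback path `/index.php` and the sample inputs are constructed for the example.

```php
<?php
// Added example (not the project's own code): safe handling of the `q`
// redirect parameter of search-report-result.php. Accepts only a site-relative
// path or an absolute http(s) URL whose host is on an allow-list; anything
// else is replaced by a fixed, safe landing page.

function safe_redirect_target(string $q, array $allowed_hosts = []): string
{
    $fallback = '/index.php'; // assumed safe landing page (constructed)

    // Reject empty input and anything containing control characters
    // (CR/LF would otherwise allow header injection in Location:).
    if ($q === '' || preg_match('/[\x00-\x1F\x7F]/', $q)) {
        return $fallback;
    }

    // Case 1: a site-relative path. It must start with exactly one "/";
    // "//host/..." (protocol-relative URL) and "/\host" are rejected because
    // browsers treat them as absolute URLs to another origin.
    if ($q[0] === '/' && !preg_match('#^/[/\\\\]#', $q)) {
        return $q;
    }

    // Case 2: an absolute URL. Scheme must be http or https and the host
    // must match the allow-list exactly (case-insensitive).
    $parts = parse_url($q);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $fallback; // blocks javascript:, data:, etc.
    }
    $allowed = array_map('strtolower', $allowed_hosts);
    if (!in_array(strtolower($parts['host']), $allowed, true)) {
        return $fallback;
    }
    return $q;
}

// Usage with constructed inputs: only the first and fourth survive.
$allowed = ['covid-test.example']; // constructed allow-list
$samples = [
    '/search-report-result.php?r=1',
    '//other.example/',
    'https://other.example/',
    'https://covid-test.example/report.php',
    'javascript:alert(1)',
];
foreach ($samples as $q) {
    echo $q, ' => ', safe_redirect_target($q, $allowed), PHP_EOL;
}

// In the endpoint the validated value replaces the raw parameter:
// header('Location: ' . safe_redirect_target($_GET['q'] ?? '', $allowed));
// exit;
```

Matching hosts exactly (rather than with `strpos` or a suffix check) is deliberate: a substring match would accept `covid-test.example.other.example`, which is the usual way allow-list validation for redirects is bypassed.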