XWiki Platform / XWIKI-20096

Open Redirect vulnerability discovered in the latest XWiki platform



    Description

Hello XWiki team,

I discovered an open redirect vulnerability in the XWiki platform in the xredirect parameter.

PoC:

If a victim goes to the following URL: https://xwiki/bin/login/XWiki/XWikiLogin?xredirect=//veryevilwebsite.evil, they will be redirected to https://veryevilwebsite.evil.

This is because the exact value of the xredirect param ("//veryevilwebsite.evil") is sent to the Location header.

Recommended Fix:

Consider removing every forward and backward slash except for one in the xredirect param, as this will inform the browser that the path is relative to the site and not an absolute one.

Thanks,
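
Added example, not part of the report above and not XWiki's own code: a Python validator for a post-login redirect parameter such as xredirect. It shows the verbatim-echo behaviour the report describes beside a hardened check that only accepts a path starting with exactly one slash, or an absolute http(s) URL whose host is the site's own. Beyond the PoC itself it also covers the variants a browser treats the same way (a backslash in place of the second slash, percent-encoded slashes, embedded tab characters, a userinfo prefix such as `https://xwiki@evil/`). The site host `xwiki` is taken from the PoC URL; the fallback landing path `/bin/view/Main/` and all sample inputs are constructed for the example.

```python
"""Added example (not XWiki's own code): validate a post-login redirect
parameter such as xredirect so the Location header can only point back
into the same site.  SITE_HOST comes from the PoC URL; FALLBACK is assumed.
"""
import re
from urllib.parse import unquote, urlsplit

SITE_HOST = "xwiki"            # host in the PoC URL https://xwiki/...
FALLBACK = "/bin/view/Main/"   # assumed landing page when xredirect is rejected

# "scheme:" prefix per RFC 3986 (letter, then letters/digits/+/-/.)
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*:")


def vulnerable_location(xredirect):
    """Behaviour described in the report: the parameter is echoed verbatim,
    so "//veryevilwebsite.evil" becomes a protocol-relative URL."""
    return xredirect


def is_safe_redirect(xredirect, site_host=SITE_HOST):
    """True only if a browser following this Location value stays on site_host."""
    if not xredirect:
        return False
    # Browsers drop ASCII tab/newline inside URLs, so "/\t/evil" would be read
    # as "//evil"; reject any control character instead of trying to mimic that.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in xredirect):
        return False
    # Judge the value the way the browser will see it: percent-decode once so
    # "%2F%2Fevil" is "//evil", and treat "\" as "/" because browsers do for
    # http(s) URLs ("/\evil" and "\\evil" both leave the site).
    candidate = unquote(xredirect).replace("\\", "/")
    if candidate.startswith("/"):
        # Exactly one leading slash is a site-relative path; two or more make
        # it protocol-relative ("//evil", "///evil") and the browser changes host.
        return not candidate.startswith("//")
    if _SCHEME_RE.match(candidate):
        parts = urlsplit(candidate)
        # Absolute URL: only http(s) and only our own host.  .hostname drops
        # userinfo and port and lower-cases, so "https://xwiki@evil/" yields
        # "evil" and fails, while "https://XWIKI:443/x" yields "xwiki" and passes.
        return parts.scheme in ("http", "https") and parts.hostname == site_host.lower()
    # No leading slash and no scheme (e.g. "evil.evil/x", or " //evil" whose
    # leading space a browser would strip): ambiguous, so reject.
    return False


def hardened_location(xredirect, site_host=SITE_HOST, fallback=FALLBACK):
    """Location value to emit after login: the untouched parameter if it passed
    the check, otherwise the fallback page.  Rejecting is simpler to reason
    about than rewriting the value into something that might be accepted."""
    return xredirect if is_safe_redirect(xredirect, site_host) else fallback


if __name__ == "__main__":
    # Constructed inputs: the PoC from the report plus variants of it.
    samples = [
        "//veryevilwebsite.evil",
        "/\\veryevilwebsite.evil",
        "%2F%2Fveryevilwebsite.evil",
        "/\t/veryevilwebsite.evil",
        "https://veryevilwebsite.evil",
        "https://xwiki@veryevilwebsite.evil/",
        "/bin/view/Main/WebHome",
        "https://xwiki/bin/view/Main/WebHome",
    ]
    for value in samples:
        print(f"{value!r:42} vulnerable -> {vulnerable_location(value)!r}")
        print(f"{'':42} hardened   -> {hardened_location(value)!r}")
```

Note that when the check passes, the raw parameter (not the decoded copy used for the decision) is what goes into the header; the decoded copy only exists to see the value the way the browser will interpret it.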


People

surli Simon Urli
yibelo Paulos Mesfin