4 open redirects CVE #60

Open
s-b-repo opened this issue Oct 17, 2023 · 2 comments


s-b-repo commented Oct 17, 2023

Open Redirect

    url = url.substring(0, qq);
    buf.append(url);
    if (q != null && q.length() > 0)
        buf.append(q.replace("&amp;", "&")); // no you don't html escape the redirect header
    resp.setHeader("Location", buf.toString());

line # 2480

[apps/susimail/src/src/i2p/susi/webmail/WebMail.java]

    url = url.substring(0, url.length() - 5);
    buf.append(url);
    if (p.length() > 0)
        buf.append(p.replace("&amp;", "&"));  // no you don't html escape the redirect header
    resp.setHeader("Location", buf.toString());

line 1617

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java]

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/routerconsole/jsp/index.jsp:50]

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java:193]
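One way to keep the scheme and host of the request URL out of the `Location` header for redirects shaped like the two snippets quoted in this issue, written as an added example and not taken from the I2P code base. `SafeRedirect`, `locationFor` and the sample URLs are hypothetical, and the example assumes the appended query string begins with `?`.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not I2P code. Class, method and sample URLs are hypothetical.
public class SafeRedirect {
    // Returns a path-only Location value (relative references are valid there),
    // so the scheme and host of the request URL never reach the header.
    static String locationFor(String requestUrl, String query) {
        URI u;
        try {
            u = new URI(requestUrl);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("unparseable request URL", e);
        }
        String path = u.getRawPath();
        // A leading "//" would be read by browsers as a new authority (host).
        if (path == null || !path.startsWith("/") || path.startsWith("//"))
            throw new IllegalArgumentException("not a local path: " + path);
        StringBuilder buf = new StringBuilder(128).append(path);
        if (query != null && !query.isEmpty()) {
            // Assumption: the caller's query string starts with '?'.
            if (!query.startsWith("?"))
                throw new IllegalArgumentException("query must start with '?'");
            buf.append(query.replace("&amp;", "&")); // same un-escaping as the quoted code
        }
        String loc = buf.toString();
        // CR, LF or other control characters must never reach a header value.
        for (int i = 0; i < loc.length(); i++)
            if (loc.charAt(i) < 0x20 || loc.charAt(i) == 0x7f)
                throw new IllegalArgumentException("control character in redirect target");
        return loc;
    }

    public static void main(String[] args) {
        // Constructed inputs: local URL, URL naming another host, double-slash path.
        String[] urls = {
            "http://127.0.0.1:7657/susimail/?show=3",
            "http://other-host.example/susimail/",
            "http://127.0.0.1:7657//other-host.example/"
        };
        for (String url : urls) {
            try {
                System.out.println(url + " -> " + locationFor(url, "?page=1&amp;sort=2"));
            } catch (IllegalArgumentException e) {
                System.out.println(url + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A servlet would pass the returned value to `resp.setHeader("Location", ...)` in place of the concatenated absolute URL.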

s-b-repo changed the title from "4 open redirects" to "4 open redirects CVE" on Oct 17, 2023
@eyedeekay
Contributor

Probably low-priority, these are coming from inside the I2P application itself, i.e. they are probably trusted inputs. Leaving it open to have a look at the I2PSnarkServlet and the WebMail points, those could potentially come from partially user-supplied inputs. Not likely actionable.

@s-b-repo
Author

> Probably low-priority, these are coming from inside the I2P application itself, i.e. they are probably trusted inputs. Leaving it open to have a look at the I2PSnarkServlet and the WebMail points, those could potentially come from partially user-supplied inputs. Not likely actionable.

May be able to do something unwanted with webmail, like when an attacker mails an exploit activating the redirect.
