
Open redirect vulnerability on /Sitefinity/status page

1 posts, 0 answered
  1. anmiles
    27 posts
    Registered:
    17 May 2010
    23 Jan

    Hi there,

    Sitefinity 9.2 has a system page, /Sitefinity/Status, with a ReturnUrl parameter. It is shown during application restart, but not only then: this page works at any time.

    I noticed that this parameter represents an open redirect vulnerability. ReturnUrl is not validated. One can pass any website URL as the ReturnUrl parameter, and Sitefinity will redirect to it.

    For example, /Sitefinity/status?ReturnUrl=http://www.spam.com will redirect to http://www.spam.com.

    So at any time a phisher can post a URL based on the domain of a Sitefinity-based website, but this URL will immediately redirect to another website.

    There is no option to switch this redirect off. Modifying the HTML of the application status page will affect only the startup screen but won't affect redirection when the site is running. Denying access to the /Sitefinity/status page will cause other users to see a server error page until the website starts up.

    We invented a dirty workaround: programmatically override the route and palm off our own HTTP handler. But fact is fact: there is a vulnerability that is present by default on all Sitefinity systems.

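A defender-side version of the workaround the post describes, as an added example that is not code from the post or from Sitefinity: an ASP.NET IHttpHandler (hypothetical name StatusReturnHandler) that only honours ReturnUrl values that are site-rooted relative paths and falls back to "/" otherwise. Registering it on the /Sitefinity/status route in place of the stock handler is assumed and not shown.

```csharp
using System;
using System.Web;

// Added example, not Sitefinity's code: a ReturnUrl policy for the
// /Sitefinity/status redirect plus a replacement IHttpHandler that uses it.
public static class ReturnUrlPolicy
{
    // Accepts only site-rooted relative paths such as "/news?page=2".
    // Rejects absolute URLs ("http://www.spam.com"), protocol-relative
    // "//host" forms, and "/\host" (browsers treat the backslash as "/"),
    // so Response.Redirect can never leave the current site.
    public static bool IsSafeLocalUrl(string url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;
        url = url.Trim();
        if (url[0] != '/') return false;                            // must be site-rooted
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            return false;                                           // "//evil" or "/\evil"
        if (url.IndexOfAny(new[] { '\r', '\n' }) >= 0) return false; // no header injection
        return Uri.TryCreate(url, UriKind.Relative, out Uri _);
    }

    // Falls back to the site root when the supplied ReturnUrl is not acceptable.
    public static string Sanitize(string url) => IsSafeLocalUrl(url) ? url : "/";
}

// Hypothetical handler name; mapping it to /Sitefinity/status in place of
// the stock handler (the route override the post mentions) is not shown.
public class StatusReturnHandler : IHttpHandler
{
    public bool IsReusable => true;

    public void ProcessRequest(HttpContext context)
    {
        // QueryString[] already URL-decodes, so "%5C" arrives as "\" and is rejected above.
        string target = ReturnUrlPolicy.Sanitize(context.Request.QueryString["ReturnUrl"]);
        context.Response.Redirect(target, endResponse: true);
    }
}
```

The stock page also renders the restart screen; this handler covers only the redirect step, which is the part the post identifies as unvalidated.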