Open Redirect Bug
Permalink
Hi all
There's an issue with the login that enables a malicious user to prefill the form with an rcID which can be any url.
I would suggest removing the url-specified redirect and using a collectionID ONLY.
There's an issue with the login that enables a malicious user to prefill the form with an rcID which can be any url.
I would suggest removing the url-specified redirect and using a collectionID ONLY.
Possibly, but we could add the extra stage of converting the rcID to pretty URL before redirecting.
Aside from that, SEO isn't an issue for redirecting a login - Search Engines aren't going to login to the dashboard ;)
Aside from that, SEO isn't an issue for redirecting a login - Search Engines aren't going to login to the dashboard ;)
This could use some definite looking into.
Attached is the reply I'm getting back from a PCI compliance scan of a 5.4.0.5 install
Seems the URL redirect could turn into a phishing exploit.
With PCI compliance being on a lot of people's Minds this summer (mine especially)this could drive some negative attention to my beloved C5 :(
Attached is the reply I'm getting back from a PCI compliance scan of a 5.4.0.5 install
Seems the URL redirect could turn into a phishing exploit.
With PCI compliance being on a lot of people's Minds this summer (mine especially)this could drive some negative attention to my beloved C5 :(
We'll address this in some way. It'll either take a numerical parameter like it does, or a relative portion of the site.. e.g. /path/to/page. But it'll always append that to your site...so you won't be able to redirect to a completely new site.
But I agree, this should be checked