oss-sec mailing list archives

Open Redirect in Tiny Tiny RSS (tt-rss)

From: Hanno Böck <hanno () hboeck de>
Date: Sun, 3 Mar 2019 17:31:17 +0100

Hi,

Via my personal Bug Bounty program on hackerone I got a report about an
open redirect in a publicly accessible instance of Tiny Tiny RSS I have
running on a subdomain.

I'm aware that whether open redirects are vulnerabilities is debatable
(which is also reflected in the discussion with tt-rss, but they fixed
it nevertheless).

PoC:
https://[hostname]/public.php?return=http%3a%2f%2fevil.com%2f&op=login&login=password=&profile=0

Report to tt-rss developers:
https://discourse.tt-rss.org/t/open-redirect-via-public-php/2077
Fix:
https://git.tt-rss.org/fox/tt-rss/commit/c68ac04020d85a296c784de18f8def3f365f9f6a

This was reported by Mariia Aleksandrova (zophi), I just forwarded the
report to the tt-rss developers.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Current thread:

Open Redirect in Tiny Tiny RSS (tt-rss) Hanno Böck (Mar 03)
- Re: Open Redirect in Tiny Tiny RSS (tt-rss) Mark Steward (Mar 03)