Hi All,
We're using web2py_2.9 and there is an open redirect vulnerability on the
following pages:
1) Change Profile:
https://127.0.0.1:8000/asdf/default/user/profile?_next=http%3A%2F%2Fgoogle.com
2) Change Password:
https://127.0.0.1:8000/asdf/default/user/change_password?_next=http%3A%2F%2Fgoogle.com
3) Log out:
https://127.0.0.1:8000/asdf/default/user/logout?_next=http%3A%2F%2Fgoogle.com
It successfully redirects to www.google.com
I've set the default URL for redirection in the auth settings, but it isn't working:
Models/db.py:
auth.settings.logout_next=URL('user', args='login')
auth.settings.profile_next=URL('index')
auth.settings.password_next=URL('index')
Is there any way to check that the URL (_next) contains a valid controller function?
For example: the URL _next='http%3A%2F%2Fgoogle.com' isn't a valid controller
function,
but the URL _next='asdf/default/index' is a valid controller
function.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
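One way to do the check asked for above, as an added example that is not part of the original thread and not web2py's own code: accept a _next value only when it parses as an app-local path of the form /app/controller/function[/args], and otherwise fall back to the configured default. The app name 'asdf' and the fallback URL come from the post; the optional `controllers` allowlist (e.g. {'default'}) is an assumption the caller would fill in from their own application.

```python
import re
from urllib.parse import unquote, urlsplit

# Conservative shape for an app-local target: /app/controller/function[/arg...]
# Only word characters and '-' per segment, so '..' and encoded tricks never match.
LOCAL_PATH = re.compile(r'^/[\w-]+(/[\w-]+)*/?$')


def safe_next(next_value, app, fallback, controllers=None):
    """Return next_value if it is a path inside `app`, otherwise `fallback`.

    Rejects absolute URLs (http://...), scheme-relative URLs (//host), paths
    that leave the app, backslashes and control characters. `controllers` is an
    optional allowlist of controller names (assumption: caller supplies it).
    """
    if not next_value:
        return fallback
    value = unquote(str(next_value))          # _next arrives URL-encoded
    if '\\' in value or any(ord(c) < 32 for c in value):
        return fallback                       # browsers may treat '\' as '/'
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:          # http://evil, //evil, javascript:
        return fallback
    path = parts.path if parts.path.startswith('/') else '/' + parts.path
    if not path.startswith('/' + app + '/') or not LOCAL_PATH.match(path):
        return fallback
    segments = [s for s in path.split('/') if s]   # [app, controller, function, ...]
    if len(segments) < 3:
        return fallback                       # no function named, not a valid target
    if controllers is not None and segments[1] not in controllers:
        return fallback
    return path + ('?' + parts.query if parts.query else '')


if __name__ == '__main__':
    # Constructed sample values taken from the URLs in the post.
    fb = '/asdf/default/index'
    for candidate in ('http%3A%2F%2Fgoogle.com', '//google.com',
                      'asdf/default/index', '/asdf/default/profile?x=1'):
        print(repr(candidate), '->', safe_next(candidate, 'asdf', fb))
```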