Vuln ID: TP-015
Title: Open Redirect on Login
Severity: medium
Type: Open Redirect
HTTP Method: POST
URL: /auth/login
Parameter: redirect
Filename: -
Code Location: backend/api/controllers/AuthController.php line 109; frontend/app/login/page.js

Description

The login endpoint accepts a redirect parameter. After a successful login, the frontend navigates to that URL without validating it, so a login link carrying an attacker-chosen redirect value sends the authenticated user to an arbitrary external site.

Proof of Concept

{"email":"[email protected]","password":"password123","redirect":"https://evil.com"}

Remediation

Validate that the redirect URL is a relative path or a same-origin URL before navigating to it, and fall back to a fixed post-login page when the check fails.
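The following is an added example of the recommended check, not code from the affected project. It assumes a fixed application origin (`APP_ORIGIN`, a placeholder) and a default post-login page (`DEFAULT_AFTER_LOGIN`, also assumed); it resolves the untrusted `redirect` value against that origin with the WHATWG URL parser and only ever returns a path-only string, so absolute URLs to other hosts, protocol-relative `//host` forms, backslash variants and non-http schemes such as `javascript:` all collapse to the fallback. The same function can run in `frontend/app/login/page.js` before navigation and, as defence in depth, be mirrored in the backend controller.

```javascript
// Added example (not the project's own code): keep a post-login redirect on our origin.
const APP_ORIGIN = "https://app.example.test"; // assumed placeholder for the real origin
const DEFAULT_AFTER_LOGIN = "/dashboard";      // assumed fallback page

/**
 * Return a safe, path-only redirect target derived from an untrusted value.
 * Anything that is not same-origin (scheme + host + port) yields the fallback.
 */
function safeRedirectTarget(redirect, origin = APP_ORIGIN, fallback = DEFAULT_AFTER_LOGIN) {
  if (typeof redirect !== "string" || redirect.length === 0) return fallback;

  // "//evil.com" and "/\evil.com" start with a slash but the browser treats
  // them as a new host; reject them before parsing.
  if (/^[\/\\]{2}/.test(redirect)) return fallback;

  let parsed;
  try {
    // Relative paths resolve against our origin; absolute URLs keep their own host.
    parsed = new URL(redirect, origin);
  } catch (e) {
    return fallback; // unparseable input
  }

  // Same-origin only. This also rejects javascript:, data: and similar schemes,
  // whose origin is "null", and user-info tricks such as "https://app@evil.com".
  if (parsed.origin !== new URL(origin).origin) return fallback;

  // Hand the navigation layer a path, never an absolute URL.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Usage: the value the proof of concept submits resolves to the fallback.
console.log(safeRedirectTarget("https://evil.com"));      // /dashboard
console.log(safeRedirectTarget("/account?tab=security")); // /account?tab=security

module.exports = { safeRedirectTarget, APP_ORIGIN, DEFAULT_AFTER_LOGIN };
```

Returning a path rather than the parsed absolute URL means that even if the origin check were ever loosened, the navigation call could not leave the site; the fallback, not an error, is returned so the login flow still completes.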