Open Redirect in WSO2 Product
Feb 10, 2020
A client-side open redirect arises when an application incorporates user-controllable data into the target of a redirection in an unsafe way. In WSO2 Identity Server version 5.9.0, an XSS payload is allowed to redirect the user to an external domain.
Proof of concept (PoC)
The following vulnerability was tested on WSO2 Identity Server Manager version 5.9.0.
Issue 01: Client-side URL redirection.
Figure 01: Navigating to Policy Administration and clicking the Add New Entitlement Policy link.
Figure 02: Clicking Write Policy in XML opens the editor URL and the editor.
Figure 03: Entering the domain http://evil.com in the CallbackURL variable.
Figure 04: The entered domain is saved in the DOM object and reflected in the response body.
Figure 05: Forwarding the request and clicking the Cancel button triggers the URL navigation script, which redirects to the entered domain.
An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.
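The root cause above is a reflected CallbackURL value being handed to the Cancel button's navigation script without validation. The following is an added example, not WSO2's own code: it shows the vulnerable pattern beside a hardened check that only accepts same-origin http(s) targets and returns a path-only value, using the WHATWG URL parser available in browsers and Node. The function names, the application origin and the fallback path are assumptions for illustration.

```javascript
// Added example (not WSO2 code): validating a reflected callback URL before
// it is used as a client-side redirect target.

// Vulnerable pattern: the reflected value is used as-is, so a value such as
// "http://evil.com" sends the browser to an external domain.
function unsafeCancelTarget(callbackUrl) {
  return callbackUrl; // no validation at all
}

// Hardened pattern: resolve the value against the application's own origin,
// accept only http(s) URLs on that origin, and hand back a path-only string so
// the browser can never be sent off-origin. Anything else gets a fixed fallback.
function safeCancelTarget(callbackUrl, appOrigin, fallbackPath) {
  let parsed;
  try {
    // Relative paths resolve against appOrigin; absolute URLs keep their own
    // origin, which the comparison below then detects.
    parsed = new URL(callbackUrl, appOrigin);
  } catch (e) {
    return fallbackPath; // unparsable input never becomes a redirect target
  }
  // Rejects javascript: and data: schemes (wrong protocol) as well as
  // protocol-relative forms like "//evil.com" (resolved to a foreign origin).
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return fallbackPath;
  if (parsed.origin !== appOrigin) return fallbackPath;
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs, including the value used in the proof of concept.
const APP_ORIGIN = "https://idp.example:9443"; // assumed application origin
const FALLBACK = "/carbon";                     // assumed in-application page
const samples = [
  "http://evil.com",
  "//evil.com/login",
  "javascript:alert(1)",
  "/carbon/entitlement/index.jsp?region=region1",
];
for (const s of samples) {
  console.log(`${s} -> unsafe: ${unsafeCancelTarget(s)} | safe: ${safeCancelTarget(s, APP_ORIGIN, FALLBACK)}`);
}
```

Allowlisting a fixed set of in-application paths is stricter still and is preferable where the set of legitimate return pages is known in advance.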
Download and apply the relevant fixes based on the change