This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 271472 - Open Redirection Vulnerability
Summary: Open Redirection Vulnerability
Status: NEW
Alias: None
Product: apisupport
Classification: Unclassified
Component: API docs
Version: Dev
Hardware: PC Windows 8.1
Importance: P3 normal
Assignee: Martin Kozeny
Reported: 2017-09-13 19:43 UTC by muzamilshah254
Modified: 2019-07-01 08:49 UTC
Issue Type: DEFECT
Description muzamilshah254 2017-09-13 19:43:28 UTC
Hi there..
I have found your website vulnerable to Open Redirection.

Open Redirection :

Open Redirection occurs when a vulnerable web page is redirected to another web page via user-controllable input.

Impact : 

An attacker can use this vulnerability to redirect users to other malicious web sites which can be used for phishing and similar attacks.

Steps To Reproduce : 

1. Go to this link. 
https://netbeans.org/people/login?original_uri=%2Fpeople%2F289283-muzamilshah254

2. Replace the link with 
https://netbeans.org/people/login?original_uri=https://www.google.com

3. Reload the page and signing-in will redirect to google.com.

I hope it will soon get fixed :)

Regards,
Muzamil Shah
WebSecurity Researcher
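
Added example, not part of the original report and not the NetBeans site's code: one way a login handler can validate the `original_uri` parameter described above so that only same-site, path-only targets are followed after sign-in. The function names and the `/` fallback are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

FALLBACK = "/"  # assumed default landing page after login


def safe_redirect_target(original_uri, fallback=FALLBACK):
    """Return original_uri only if it is a same-site, path-only reference."""
    if not original_uri:
        return fallback
    # Browsers drop control characters and treat "\" like "/" in URLs, so a
    # value containing either is rejected rather than normalised.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in original_uri):
        return fallback
    # Exactly one leading "/": "//host/..." is a scheme-relative URL that
    # would leave the site.
    if not original_uri.startswith("/") or original_uri.startswith("//"):
        return fallback
    parts = urlsplit(original_uri)
    # A path-only reference carries neither a scheme nor a host.
    if parts.scheme or parts.netloc:
        return fallback
    return original_uri


def redirect_after_login(login_url):
    """Extract original_uri from a login URL and return the vetted target."""
    query = parse_qs(urlsplit(login_url).query)  # percent-decodes values
    values = query.get("original_uri", [])
    # A repeated parameter is ambiguous, so it is treated as absent.
    candidate = values[0] if len(values) == 1 else None
    return safe_redirect_target(candidate)


if __name__ == "__main__":
    # The two URLs from the report's steps to reproduce.
    for url in (
        "https://netbeans.org/people/login?original_uri=%2Fpeople%2F289283-muzamilshah254",
        "https://netbeans.org/people/login?original_uri=https://www.google.com",
    ):
        print(url, "->", redirect_after_login(url))
```
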
Comment 1 muzamilshah254 2019-07-01 08:49:19 UTC
Any update please?