BlogEngine.NET icon indicating copy to clipboard operation
BlogEngine.NET copied to clipboard
verified publisher icon BlogEngine

Open Redirection Vulnerability

Open hacip opened this issue 2 years ago • 0 comments

There is no validation for the year and month variables line between 158-160 on default.aspx.cs. Additionally, these parameters were used to build another variable named "rewrite", and the "rewrite" parameter is being used within a redirection. (Line 183 default.aspx.cs)

it can be used for redirecting the user to a malicious web page.

hacip avatar Jun 20 '23 18:06 hacip