Skip to content

[Security] Open Redirect in WechatAuthorizationController #192

Description

@icysun

[Security] Open Redirect Vulnerability (CVSS 4.3)

Discoverer: icysun (icysun@qq.com)

Summary

Open redirect vulnerability in JPress WechatAuthorizationController. The goto parameter is not validated before being used in redirect responses.

Root Cause

WechatAuthorizationController.java:77,125,144 — goto parameter passed directly to redirect without validation.

Attack

/wechat/authorization?goto=https://evil.com -> WeChat OAuth callback -> redirect to attacker URL

Precondition

None (no authentication required)

Impact

Phishing attacks, OAuth code theft

Recommended Fix

Validate goto parameter against an allowlist of allowed domains or paths. Reject URLs with external domains.

Full report and PoC available upon request. Please move to private if preferred.

I am requesting a CVE assignment for this vulnerability.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions