Open redirect vulnerability in index.php
Discovered by yoyobabaji on Security

This issue took 2 Days and 1 hours to triage and 21 Days and 5 hours to resolve once triaged.



Summary: `Hello Team i would like to report an open redirect on hackerone.com with reference to report #320376. In report #320376 it shows vulnerability i mitigated but still i am able to reproduce it. so all the summary and description remains the same.

Redirection is performed by HackerOne website when index.php page is visited. The parameter to index.php is used in redirection. By manipulating this parameter, an attacker can redirect victim outside www.hackerone.com

Description:

When a user visit www.hackerone.com/index.php/xyz he/she is redirected to www.hackerone.com/xyz. However, when visiting www.hackerone.com/index.php/index.phpxyz user will be redirected to www.hackerone.comxyz (without a slash between com and xyz).

Further, when visiting www.hackerone.com/index.php/index.php.hacker0ne.com user will be redirected to www.hackerone.com.hacker0ne.com (a subdomain hacker0ne.com)

Steps To Reproduce

1.Visit https://www.hackerone.com/index.php/index.php.hacker0ne.com

  1. Notice that the site redirects to https://www.hackerone.com.hacker0ne.com/

Optional: Your Environment (Browser version, Device, etc)

All Browsers

Impact

Attacker can trick users to visit malicious websites.