Development #33084

Crash on bad URL in edit-profile-next_url

Added by Thomas Noël 9 days ago. Updated 8 days ago.

Status: Solution proposed
Priority: Normal
Category: -
Target version: -
Start date: 14 May 2019
Due date:
% Done: 0%
Patch proposed: Yes
Planning: No

Description

Unsafe redirect to URL with protocol 'c'

Report at /accounts/edit/
Unsafe redirect to URL with protocol 'c'

Request Method: POST
Request URL: https://connexion-departement06.test.entrouvert.org/accounts/edit/
Django Version: 1.11.20
Python Executable: /usr/bin/python
Python Version: 2.7.13
Python Path: ['/', '/usr/bin', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages']
Server time: mar, 14 Mai 2019 12:11:51 +0200
Installed Applications:
''
Installed Middleware:
''

Request information:
USER: pentest@fidens.fr (ca829e)

GET: No GET data

POST:
edit-profile-phone = u'555-555-0199'
edit-profile-last_name = u'fidens'
edit-profile-next_url = u'c:\\windows\\win.ini'
edit-profile-address = u'1+Main+Street'
edit-profile-mobile = u'555-555-0199@example.com'
edit-profile-city = u'Winterville'
edit-profile-first_name = u'fidens'
edit-profile-zipcode = u'36310'
csrfmiddlewaretoken = u'mOPRhEOIj6Fyutsk14xzq8n9zr8xqyIXuaYOXsPHT3Vs6VWP43oNuwCVSFIFlubk'
edit-profile-title = u'Monsieur'

0001-views-validates-EditProfile-next_url-33084.patch View (1.12 KB) Benjamin Dauvergne, 14 May 2019 05:15 PM
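
The report shows a user-supplied `edit-profile-next_url` value (`c:\windows\win.ini`) reaching the redirect, where Django refuses it because of its scheme. An added example, not the attached patch or the project's own code, of validating such a value before redirecting, using only the Python 3 standard library; the function name, the `ALLOWED_HOSTS` value and the fallback path are assumptions.

```python
from urllib.parse import urlsplit

# Assumed values for this example (not taken from the project).
ALLOWED_HOSTS = {"idp.example.org"}
DEFAULT_NEXT = "/accounts/"


def safe_next_url(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_NEXT):
    """Return a redirect target that is safe to follow, or `default`."""
    if not isinstance(candidate, str):
        return default
    # Browsers treat "\" like "/", so normalise before parsing.
    url = candidate.strip().replace("\\", "/")
    # Reject empty values and embedded control characters (CR/LF, NUL, ...).
    if not url or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return default
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: http(s) to a known host only.
        # "c:/windows/win.ini" parses with scheme "c" and is refused here.
        if parts.scheme in ("", "http", "https") and host in allowed_hosts:
            return url
        return default
    # Relative URL: accept only a site-rooted path ("/x"), never "//x" or "x".
    if url.startswith("/") and not url.startswith("//"):
        return url
    return default


if __name__ == "__main__":
    # Constructed inputs; the first is the value from the report above.
    for value in ["c:\\windows\\win.ini", "/accounts/edit/", "//other.example/x",
                  "https://idp.example.org@other.example/", "javascript:alert(1)"]:
        print(repr(value), "->", safe_next_url(value))
```

A view would call this on the submitted value and redirect to the returned URL, so a rejected value falls back to the default page instead of failing the request.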

History

#1 Updated by Benjamin Dauvergne 8 days ago

  • Assignee set to Benjamin Dauvergne

#2 Updated by Benjamin Dauvergne 8 days ago

Same as #33087.
