
DOM-based open redirect vulnerability on Vue-router

I have a vue application initiated with Vue-cli.
Vue version: 2.6.11
vue-router version: 3.2.0

Reproduction Link
https://github.com/keyhangholami/dom-based-open-redirect

Steps to reproduce
Put 3 or more forwarding slashes in the URL + an arbitrary URL and a date formatted with slashes (e.g. http://www.localhost:3000///google.com?dob=11/10/1987) and hit Enter.

Expected behaviour
See the 404 page when the URL is invalid (includes 3 or more than 3 slashes + date like that).

What's actually happening?
The app gets redirected to Google (or any arbitrary URL) including all query params even though I don't have any redirect rule and I have the following route to redirect to 404:

{ path: '*', name: '404-page', component: Page404, props: false }

I had this same issue. I updated to:

vue 2.6.14

vue-router 3.5.3

vue-template-compiler 2.6.14

and that solved the issue.
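
Why the URL from the reproduction steps can leave the site, as an added example (not code from the original posts or from vue-router): under the WHATWG URL parser, the path `///google.com` read from the address bar names another host once it is reused as a relative reference, so a same-origin check before any programmatic navigation rejects it. `APP_ORIGIN` is taken from the question's URL; the function names and the `/not-found` fallback are assumptions for illustration.

```javascript
// Added example. APP_ORIGIN comes from the question's URL; the function names
// and the '/not-found' fallback are hypothetical.
const APP_ORIGIN = 'http://www.localhost:3000';

// Path + query as client-side code reads them from window.location.
function inAppLocation(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Where a browser goes when that string is handed back to a navigation API
// (location.assign, an href, a redirect) as a relative reference.
function resolvesTo(candidate, origin = APP_ORIGIN) {
  return new URL(candidate, origin).href;
}

// Accept only strings that start with "/" and still resolve to our own origin.
function isSafeInAppPath(candidate, origin = APP_ORIGIN) {
  if (typeof candidate !== 'string' || !candidate.startsWith('/')) return false;
  try {
    return new URL(candidate, origin).origin === new URL(origin).origin;
  } catch {
    return false; // unparsable input is never navigated to
  }
}

// Use before any programmatic navigation; unsafe input falls back to a local page.
function safePathOr(candidate, fallback = '/not-found') {
  return isSafeInAppPath(candidate) ? candidate : fallback;
}

// Constructed samples: the URL from the reproduction steps and a normal route.
for (const href of [
  'http://www.localhost:3000///google.com?dob=11/10/1987',
  'http://www.localhost:3000/profile?dob=11/10/1987',
]) {
  const path = inAppLocation(href);
  console.log(path, '->', resolvesTo(path), 'safe:', isSafeInAppPath(path));
}
```

The check compares origins after parsing rather than counting slashes, so it gives the same answer for two, three or more leading slashes.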
