
DOM-based open redirect vulnerability on Vue-router

I have a vue application initiated with Vue-cli.
Vue version: 2.6.11
vue-router version: 3.2.0

Reproduction Link
https://github.com/keyhangholami/dom-based-open-redirect

Steps to reproduce
Put 3 or more forward slashes in the URL + an arbitrary URL and a date formatted with slashes (e.g. http://www.localhost:3000///google.com?dob=11/10/1987) and hit Enter.

Expected behaviour
See the 404 page when the URL is invalid (includes 3 or more than 3 slashes + date like that).

What's actually happening?
The app gets redirected to Google (or any arbitrary URL) including all query params even though I don't have any redirect rule and I have the following route to redirect to 404:

{ path: '*', name: '404-page', component: Page404, props: false }

I had this same issue. I updated to:

vue 2.6.14

vue-router 3.5.3

vue-template-compiler 2.6.14

and that solved the issue.
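
Why the URL in the question can leave the site, shown as an added example (not part of the original question or answer, and not vue-router's own fix): under standard URL resolution, a path that begins with two or more slashes is read as a host name rather than a path. The helper names resolveTarget, isSameOriginPath and toLocalPath are hypothetical, and the origin is the one from the question's URL.

```javascript
// Added example: helper names are hypothetical, not vue-router APIs.
const APP_ORIGIN = 'http://www.localhost:3000'; // origin taken from the question's URL

// Resolve a path the way a browser resolves a relative URL and report where it lands.
function resolveTarget(path, appOrigin = APP_ORIGIN) {
  // For http(s), "\" is treated like "/", so "/\host" behaves like "//host".
  const url = new URL(path, appOrigin);
  return { origin: url.origin, href: url.href };
}

// True only when the path stays on the application's own origin.
function isSameOriginPath(path, appOrigin = APP_ORIGIN) {
  if (typeof path !== 'string') return false;
  try {
    return resolveTarget(path, appOrigin).origin === new URL(appOrigin).origin;
  } catch (e) {
    return false; // unparsable input is rejected rather than navigated to
  }
}

// Collapse any run of leading slashes/backslashes to a single "/" so the
// value can only be interpreted as a path on the current origin.
function toLocalPath(path) {
  return '/' + String(path).replace(/^[\/\\]+/, '');
}

// Constructed sample inputs, based on the URL in the question.
const samples = [
  '/profile?dob=11/10/1987',
  '//google.com?dob=11/10/1987',
  '///google.com?dob=11/10/1987',
  '/\\google.com',
];
for (const p of samples) {
  const verdict = isSameOriginPath(p) ? 'same origin' : 'OFF-SITE';
  console.log(p, '->', verdict, '| normalized:', toLocalPath(p));
}
```

A check like isSameOriginPath belongs wherever the application passes a path taken from the address bar or a query parameter to a navigation call, in addition to running the upgraded library versions.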
