If I request this:
http://mysite.com/\/\http://evilzone.org
Response:
HTTP/1.1 301 Moved Permanently
Location: https://mysite.com/\/\http://evilzone.org
Is it a vulnerability?
Asked
Active
Viewed 1,704 times
-1
schroeder
- 123,438
- 55
- 284
- 319
user183535
- 57
- 3
1 Answers
2
No. It means you have a global redirect from http to https before you check if it's a valid URL.
That would not be considered a vulnerability normally.
vidarlo
- 12,850
- 2
- 35
- 47