Explotation of reload/redirect through javascript

Question

While working on a site (https://website.com/site/site.apexp) the site redirects through a javascript function:

<html>
<script>
        function redirectOnLoad() {
var escapedHash = '';
var url = 'https://website.com/s/login?ec=302&inst=4z&startURL=%2Fsite%2FSite.apexp';
if (window.location.hash) {
   escapedHash = '%23' + window.location.hash.slice(1);
}
if (window.location.replace){ 
window.location.replace(url + escapedHash);
} else {
window.location.href = url + escapedHash;
} 
} 
redirectOnLoad();
    </script>

A function that does not take any parameters is hard /might not be possible to tamper with, which makes sense. But the thing is, when the url is changed from

https://website.com/site/site.apexp

to

https://website.com/site////site.apexp

the change is reflected in the variable url in the script .

var url="https://website.com/s/login?ec=302&inst=4z&startURL=%2Fsite%2F%2F%2F%2FSite.apexp`

So url parameters are being reflected in the script function. Is there, by any chance, something I can do to exploit or tamper with that function?

You can compose different payloads along the lines suggested [here](https://help.salesforce.com/s/articleView?id=sf.review_and_certification.htm&type=5). — Deepak Devanand, Apr 16 '22 at 17:42

Explotation of reload/redirect through javascript

0 Answers0