Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+1 vote
1.5k views
in Q2A Core by

I tried to find a sanitization of the redirect path, but could not find any.

Just a login module?

$module->login_html(qa_opt('site_url').qa_get('to'), 'login');

Could anybody just tell how secure the url handling is? And where to see it? Thanks.

by
I don't think there needs to be security on the redirection, it can only redirect to a page on your site. Can you provide an example of when it would be insecure?
by
"URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination."
http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse

I tried to hack the to-parameter: http://www.question2answer.org/qa/login?to=http://www.google.de/ but this gives a page-not-found.

So I guess it is safe ;)
by
To me it just redirects to the Q2A homepage.

Please log in or register to answer this question.

...