Bunkerity Bunker Web Open Redirect Vulnerability

Vulnerability

A URL redirection vulnerability allowing phishing attacks has been identified in Bunkerity Bunker Web version 1.6.2 on Linux. This open redirect issue occurs on the '/loading' endpoint, which accepts a 'next' parameter for post-login redirection. The vulnerability enables authenticated users to be redirected to arbitrary external sites, potentially leading to phishing scenarios.

Impact

Exploitation of this vulnerability could result in unauthorized redirection of users to malicious websites, increasing the risk of phishing attacks.

Reproduction

To reproduce this vulnerability, log into the Bunker Web application. After logging in, request the '/loading' endpoint with a 'next' parameter whose value is a protocol-relative URL (one beginning with '//') pointing to an external site; the application redirects to that site. Alternatively, a user who is not yet logged in can be given a login request carrying the same 'next' parameter; the redirect to the external site then happens once they log in.
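The root cause described above is a redirect target check that treats anything starting with '/' as local, which a protocol-relative '//host' value satisfies. The following is an added example written for this page, not BunkerWeb's own code: it contrasts that naive check with a validator that only accepts same-origin paths, and reuses the validator to flag rejected 'next' values in access-log lines. The origin 'https://bunkerweb.example', the host 'phish.example' and the log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urljoin, urlsplit

# Assumed origin of the web UI (constructed for this example).
APP_ORIGIN = "https://bunkerweb.example"


def naive_is_local(next_url: str) -> bool:
    """The kind of check that causes the open redirect: '//phish.example'
    starts with '/', so it is accepted as a local path."""
    return next_url.startswith("/")


def safe_next(next_url, default: str = "/") -> str:
    """Return next_url only if it is an absolute path on this origin,
    otherwise return the default landing page."""
    if not next_url or not isinstance(next_url, str):
        return default
    # Browsers normalise backslashes to slashes ('/\host' becomes '//host'),
    # and control characters or whitespace confuse URL parsers: reject outright.
    if any(c in next_url for c in "\\\r\n\t") or not next_url.isprintable():
        return default
    parts = urlsplit(next_url)
    # A scheme ('https:', 'javascript:') or a network location means the
    # value is not a relative path on our origin.
    if parts.scheme or parts.netloc:
        return default
    # Require exactly one leading slash: '//host' is protocol-relative and
    # '///host' is treated as a host by browsers even though urlsplit
    # reports an empty netloc for it.
    if not next_url.startswith("/") or next_url.startswith("//"):
        return default
    # Belt and braces: resolving against our origin must stay on our origin.
    resolved = urlsplit(urljoin(APP_ORIGIN, next_url))
    if resolved.netloc != urlsplit(APP_ORIGIN).netloc:
        return default
    return next_url


# Matches the request target of the two endpoints the advisory names.
LOG_RE = re.compile(r'"(?:GET|POST) (/(?:loading|login)\?[^ "]*)')


def suspicious_next_in_logs(lines) -> list:
    """Return the decoded 'next' values that safe_next would have refused.
    Useful for checking whether the redirect was exercised before patching."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get("next", []):
            if safe_next(value) != value:
                hits.append(value)
    return hits


# Constructed access-log lines in common log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Aug/2025:16:17:00 +0000] "GET /loading?next=%2Fdashboard HTTP/1.1" 302 0',
    '203.0.113.5 - - [15/Aug/2025:16:17:05 +0000] "GET /loading?next=%2F%2Fphish.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.7 - - [15/Aug/2025:16:18:00 +0000] "GET /login?next=https%3A%2F%2Fphish.example HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Aug/2025:16:18:01 +0000] "GET /loading?next=/dashboard/plugins HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print("naive check accepts //phish.example:", naive_is_local("//phish.example"))
    print("safe_next('//phish.example') ->", safe_next("//phish.example"))
    print("flagged in sample log:", suspicious_next_in_logs(SAMPLE_LOG))
```

In a Flask-style handler the fix is to pass the raw parameter through safe_next before calling redirect; any value that is not an absolute path on the application's own origin falls back to the default page, which removes the phishing primitive without breaking normal post-login navigation.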

Added: Aug 15, 2025, 4:17 PM
Updated: Aug 15, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.0
exploitability: 7.7
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.