Steps to Reproduce:
- Go to http://localhost/seeddms/out/out.Login.php?referuri=https://google.com
- Log in with user credentials
- Click Sign in.
- The user is redirected to the attacker-controlled site named in `referuri`, in this example https://google.com
Note: This works for the Admin as well. Just enter Admin credentials as admin:admin
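A server-side check that would close this redirect, added here as an illustration of the mitigation (Python, not SeedDMS's own code; the `/seeddms/` fallback path and the function name are assumptions). It accepts only same-site absolute paths and rejects the absolute, protocol-relative, backslash and scheme-only forms of an external target:

```python
from urllib.parse import urlsplit

# Assumed fallback landing page used when referuri is rejected.
DEFAULT_TARGET = "/seeddms/"


def safe_redirect_target(referuri: str, fallback: str = DEFAULT_TARGET) -> str:
    """Return referuri only if it is a local, path-only target; else fallback.

    Rejected forms (all would leave the site if passed to Location:):
      https://google.com      absolute URL with a scheme
      //google.com            protocol-relative URL
      /\\google.com           backslash, which browsers treat as '/'
      http:google.com         scheme without '//'
      javascript:alert(1)     non-HTTP scheme
    """
    if not referuri:
        return fallback
    # Whitespace and control characters are stripped by some browsers,
    # so a value containing them is not what it appears to be; reject it.
    if any(c.isspace() or ord(c) < 0x20 for c in referuri):
        return fallback
    # Normalise backslashes before parsing, since browsers treat '\' as '/'.
    candidate = referuri.replace("\\", "/")
    parts = urlsplit(candidate)
    # Any scheme or authority component means the target is not a local path.
    if parts.scheme or parts.netloc:
        return fallback
    # Require an absolute path ('/...') and rule out the '//host' form.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs: the value from the report plus common bypass shapes.
    for target in ["https://google.com", "//google.com", "/\\google.com",
                   "http:google.com", "/seeddms/out/out.Login.php"]:
        print(f"{target!r:32} -> {safe_redirect_target(target)!r}")
```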
POC Video:
[POC] SeedDMS - OpenRedirect.mp4
Confirmation of Bug from SeedDMS Team:
