Steps to Reproduce:

  1. Go to http://localhost/seeddms/out/out.Login.php?referuri=https://google.com
  2. Log in with user credentials.
  3. Click Sign in.
  4. The user is redirected to the attacker's site; in our example, to https://google.com.

<aside> 📎 Note: This works for the Admin as well. Just enter the Admin credentials as admin:admin. </aside>
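The defensive fix for this class of bug is to treat `referuri` as a local path only and fall back to a fixed in-application page for anything else. The validator below is an added example written in Python to illustrate that check; it is not SeedDMS code. The `/seeddms/` base path comes from the reproduction URL, while the default landing page and the sample targets are constructed placeholders.

```python
from typing import Optional
from urllib.parse import unquote, urlsplit

# Taken from the reproduction URL: the application lives under this base path.
APP_BASE = "/seeddms/"
# Constructed placeholder: the report does not say where SeedDMS lands after a
# normal login, so any fixed in-application page serves as the safe fallback.
DEFAULT_LANDING = "/seeddms/index.php"


def safe_redirect_target(referuri: Optional[str], default: str = DEFAULT_LANDING) -> str:
    """Return referuri only when it is a local path under APP_BASE, else default.

    Everything that could take the browser off-site is refused: a scheme
    (https:, javascript:), a host ('//evil'), backslashes (browsers read
    '/\\evil' as '//evil'), control characters (header injection), and dot
    segments that would escape the base after normalisation.
    """
    if not referuri:
        return default
    # Decode once so '%2e%2e' and '%5c' are judged like '..' and '\'.
    decoded = unquote(referuri)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        return default
    if "\\" in decoded:
        return default
    parts = urlsplit(decoded)
    # A scheme or network location means an absolute or protocol-relative URL.
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith(APP_BASE):
        return default
    if any(segment in ("..", ".") for segment in parts.path.split("/")):
        return default
    # Hand back the original value untouched; only the check used the decoded form.
    return referuri


if __name__ == "__main__":
    # Constructed sample inputs: the report's payload plus common bypass shapes.
    for candidate in ("https://google.com", "//google.com", "/\\google.com",
                      "/seeddms/../admin", "/seeddms/out/page.php?id=1"):
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)}")
```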

POC Video:

[POC] SeedDMS - OpenRedirect.mp4

Confirmation of Bug from SeedDMS Team:
