Steps to Reproduce:

  1. Go to http://localhost/seeddms/out/out.Login.php?referuri=https://google.com

    Any attacker-chosen URL can be supplied in the referuri parameter; https://google.com is used here only as a visible example of an external destination.

  2. Log in with user credentials.

    In my case: UserID = aman

              Password = amanp

              Language = English (GB)
    
  3. Click Sign in.

  4. After login the user is redirected to the attacker-controlled site, in this example to https://google.com, because the value of referuri is used as the post-login redirect target without being checked against the application's own origin.

Note: This works for the Admin as well. Just enter the admin credentials admin:admin.
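The fix on the application side is to accept referuri only as a same-site path and fall back to a fixed landing page otherwise. The following is an added illustration written for this report, not SeedDMS code: a redirect-target validator exercised against the payload above and against the usual bypass shapes (protocol-relative, backslash, scheme-without-slashes, dot-segment traversal). The install path /seeddms/ is taken from the reproduction URL; the function name and the test inputs are my own.

```python
"""Validate a post-login redirect target (added example, not SeedDMS code).

A vulnerable handler does the equivalent of
    header("Location: " . $_GET['referuri']);
and so follows any attacker-supplied URL. The validator below only ever
returns a path under the application root, or the root itself.
"""
import posixpath
from urllib.parse import urlsplit, urlunsplit

# Assumption: the application lives under /seeddms/, as in the report's URL.
APP_ROOT = "/seeddms/"


def safe_redirect_target(referuri: str, default: str = APP_ROOT) -> str:
    """Return referuri if it is a same-site path under APP_ROOT, else default."""
    if not referuri:
        return default

    # Browsers strip leading/trailing control characters and whitespace, so a
    # value like " https://google.com" would still redirect externally. Reject.
    if any(ord(c) <= 0x20 for c in referuri):
        return default

    # Browsers treat backslash like slash in special URLs: "/\google.com"
    # resolves to host google.com. Normalise before any further checks.
    candidate = referuri.replace("\\", "/")

    # Protocol-relative ("//evil") and triple-slash ("///evil") forms resolve to
    # an authority in browsers even though urlsplit may put them in the path.
    if candidate.startswith("//"):
        return default

    parts = urlsplit(candidate)

    # Any scheme or host means an absolute URL: "https://...", "https:evil",
    # "javascript:..." are all rejected here.
    if parts.scheme or parts.netloc:
        return default

    # Only absolute paths are accepted; relative paths resolve unpredictably
    # depending on the page that issued the redirect.
    if not parts.path.startswith("/"):
        return default

    # Collapse dot segments so "/seeddms/../x" cannot escape the app root.
    normalized = posixpath.normpath(parts.path)
    if normalized != APP_ROOT.rstrip("/") and not normalized.startswith(APP_ROOT):
        return default

    # Re-emit only path, query and fragment: scheme and host are never copied.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs: the report's payload plus common bypass variants.
    samples = [
        "https://google.com",
        "//google.com",
        "/\\google.com",
        "///google.com",
        "https:google.com",
        "javascript:alert(1)",
        " https://google.com",
        "/seeddms/..//google.com",
        "/seeddms/out/out.ViewFolder.php?folderid=1",
        "/seeddms/",
    ]
    for s in samples:
        print(f"{s!r:50} -> {safe_redirect_target(s)!r}")
```

Every rejected input falls back to the application root rather than being "cleaned up", which avoids the second class of bugs where a sanitiser rewrites a hostile value into a different hostile value.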

POC Video:

[POC] SeedDMS - OpenRedirect.mp4

Confirmation of Bug from SeedDMS Team:
