UoG Library Website Open Redirect Vuln

Blog update: I have discovered and reported an open redirect on Guelph’s library website using the URL:

https://subzero.lib.uoguelph.ca/login?URL=.

You are able to concatinate any google url onto the end of this url and will be redirected to that site. Using the google open redirect:

https://www.google.com/search?source=<site>&hl= <site> &q= <site> &btnG= <site> &btnI= <site>

you are able to double redirect to any site eg (youtube.com), not just google sites.

Example: https://subzero.lib.uoguelph.ca/login?URL=https://www.google.com/search?source=www.youtube.com&hl=www.youtube.com&q=www.youtube.com&btnG=www.youtube.com&btnI=www.youtube.com

Leave a Reply

Your email address will not be published. Required fields are marked *