Open redirect vulnerability on /Sitefinity/status page

Posted by Community Admin on 04-Aug-2018 15:18


All Replies

Posted by Community Admin on 23-Jan-2017 00:00

Hi there,

Sitefinity 9.2 has a system page, /Sitefinity/Status, with a ReturnUrl parameter. It is shown during application restart, but not only then: this page works at any time.

I noticed that this parameter represents an open redirect vulnerability. ReturnUrl is not validated. One can pass any website URL as the ReturnUrl parameter, and Sitefinity will redirect to it.

For example, /Sitefinity/status?ReturnUrl=http://www.spam.com will redirect to http://www.spam.com.

So at any time a phisher can post a URL based on the domain of a Sitefinity-based website, but this URL will immediately redirect to another website.

There is no option to switch this redirect off. Modifying the HTML of the application status page will affect only the startup screen but won't affect the redirection when the site is running. Denying access to the /Sitefinity/status page will cause other users to see a server error page until the website starts up.

We invented a dirty workaround: programmatically override the route and palm off our own HTTP handler. But fact is fact: there is a vulnerability that is present by default on all Sitefinity systems.

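The post above describes the workaround only in one sentence (override the route, supply your own HTTP handler) and does not show the handler. The following is an added example, not code from the post or from Sitefinity, of what such a replacement handler could look like in ASP.NET (System.Web): it keeps the ReturnUrl redirect but follows it only when the value is a path rooted on the same site, so an absolute URL, a protocol-relative "//host" or a "/\host" can no longer send the visitor elsewhere. The class names, the route registration in Application_Start, and the assumption that a route inserted at index 0 wins over the one Sitefinity registers for "Sitefinity/status" are all assumptions of this example; it also does not reproduce the startup status screen that the real page shows while the application is starting.

```csharp
using System;
using System.Web;
using System.Web.Routing;

// Hypothetical replacement handler for /Sitefinity/status. It is not Sitefinity's
// code and does not render the startup status screen; it only shows how the
// ReturnUrl redirect can be kept while refusing off-site targets.
public class SafeStatusHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string returnUrl = context.Request.QueryString["ReturnUrl"];

        // Only a path rooted on this site is followed; anything else goes to the home page.
        string target = ReturnUrlPolicy.IsLocalUrl(returnUrl) ? returnUrl : "/";
        context.Response.Redirect(target, endResponse: true);
    }
}

public static class ReturnUrlPolicy
{
    // Accepts only site-relative paths such as "/about" or "/news?id=3".
    // ASP.NET has already percent-decoded the query value, so an encoded
    // "%2F%2Fevil.com" arrives here as "//evil.com" and is caught by the same rules.
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url) || url.Length > 2048) return false;

        // CR/LF and other control characters have no place in a redirect target.
        foreach (char c in url)
        {
            if (c < ' ' || c == '\x7f') return false;
        }

        // Must be rooted at this site: this one check rejects "http://evil.com",
        // "evil.com", "\\evil.com" and "javascript:alert(1)".
        if (url[0] != '/') return false;

        // "//evil.com" is protocol-relative, and some browsers treat "/\evil.com"
        // the same way; both would leave the site.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;

        return true;
    }
}

// Route handler that hands requests for the status page to SafeStatusHandler.
public class SafeStatusRouteHandler : IRouteHandler
{
    public IHttpHandler GetHttpHandler(RequestContext requestContext)
    {
        return new SafeStatusHandler();
    }
}

// Assumed registration point: call RouteOverride.Register() from Application_Start
// in Global.asax. Inserting at index 0 is meant to make this route match before
// any route Sitefinity registers for the same path (an assumption of this example).
public static class RouteOverride
{
    public static void Register()
    {
        RouteTable.Routes.Insert(0, new Route("Sitefinity/status", new SafeStatusRouteHandler()));
    }
}
```

With this policy, "/", "/about" and "/news?id=3" are followed, while "http://www.spam.com", "//www.spam.com", "/\www.spam.com", "javascript:alert(1)" and a value containing a line break all fall back to the home page. Allow-listing rooted paths this way is deliberately stricter than trying to recognise and reject every hostile form: a redirect target that does not start with exactly one forward slash is never resolved by the browser against the current host, so there is nothing left to block. Whether replacing the route is acceptable on a given site depends on whether the startup screen still needs to be served from the same path, which this example leaves to the original handler.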

This thread is closed