Key information

Title: PHPGurukul COVID-19 Testing Management System 2021 version Open Redirection

Description: The search-report-result.php endpoint of the COVID-19 Testing Management System is vulnerable to open redirection. The application takes a redirect target from a user-supplied query parameter and issues the redirect without validating that the target belongs to the application itself. An attacker can therefore craft a link on the trusted domain that sends the victim to an arbitrary external, potentially malicious site. Note that the report is inconsistent about the parameter name: the affected-endpoint entry uses `q`, while the source/PoC URL uses `search`; the page does not state which one the application actually reads, so both should be checked when reproducing.

Affected endpoint: /search-report-result.php?q=https://example.com

Impact: An attacker can:
- Redirect users to phishing pages or malware-hosting sites
- Exploit the trust of the original domain (the link the victim clicks points at the legitimate host, which is what makes it useful in phishing)
- Bypass allowlist or referrer-based filters that trust the application's domain, since the trusted host becomes a relay to any destination

Remediation:
- Validate redirect targets against an allowlist of permitted hosts (exact host match, not substring or prefix match)
- Reject or sanitize external URLs, including scheme-relative forms such as `//evil.example` and `/\evil.example`, and non-http(s) schemes
- Use relative paths for internal redirection, and fall back to a fixed internal page when validation fails

Source / PoC URL: https://targetsite.com/search-report-result.php?search=html-open-redirection-payload

User: User (UID 58635)

Submitter: [Submission details not visible]
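The following is an added illustration of the vulnerable pattern next to a hardened redirect helper that implements the remediation above. It is not PHPGurukul's code (the advisory does not show the application source); the parameter name, the allowlist host `covid.example`, and the fallback page `/index.php` are assumptions chosen for the example.

```php
<?php
// Added example: vulnerable open redirect versus a validated redirect.
// Hypothetical code, not taken from the COVID-19 Testing Management System.
declare(strict_types=1);

// VULNERABLE: whatever the client supplies becomes the Location header,
// so ?q=https://attacker.example sends the victim off-site.
function redirect_unvalidated(string $target): void
{
    header('Location: ' . $target);
    exit;
}

/**
 * Return a redirect target that is safe to place in a Location header,
 * or null if $candidate must be rejected.
 *
 * Accepts: same-origin absolute paths ("/search-report.php?x=1") and
 *          absolute http(s) URLs whose host is on $allowedHosts.
 * Rejects: scheme-relative URLs ("//evil.example"), the backslash variant
 *          ("/\evil.example", which browsers also treat as scheme-relative),
 *          non-http schemes ("javascript:", "data:"), user-info tricks
 *          ("https://trusted.example@evil.example"), control characters,
 *          bare host-less strings ("evil.example/x"), and any host that is
 *          not an exact, case-insensitive match on the allowlist.
 */
function safe_redirect_target(string $candidate, array $allowedHosts): ?string
{
    $candidate = trim($candidate);
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return null;
    }

    // Path-only target: exactly one leading slash, and the next character
    // must be neither "/" nor "\" (both would make it scheme-relative).
    if ($candidate[0] === '/') {
        return preg_match('#^/(?![/\\\\])#', $candidate) ? $candidate : null;
    }

    // Absolute URL: must parse, use http(s), carry no user-info, and hit an allowed host.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // "javascript:alert(1)" has no host; "evil.example/x" has no scheme
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null; // "https://trusted.example@evil.example"
    }
    $host = strtolower($parts['host']);
    foreach ($allowedHosts as $allowed) {
        if ($host === strtolower($allowed)) { // exact match only: no suffix or substring logic
            return $candidate;
        }
    }
    return null;
}

// HARDENED: redirect only to a validated target, otherwise to a fixed internal page.
function redirect_validated(string $target, array $allowedHosts, string $fallback = '/index.php'): void
{
    header('Location: ' . (safe_redirect_target($target, $allowedHosts) ?? $fallback));
    exit;
}

// Usage (assumed parameter name and allowlist host):
// redirect_validated($_GET['search'] ?? '', ['covid.example']);
```

Whichever parameter the application really reads (`q` or `search` per the report), the same check applies before the value reaches `header('Location: ...')`. Relative targets without a leading slash are rejected on purpose: accepting them would require resolving them against the current script path, and a path-only allowlist with one fixed fallback is simpler to reason about.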