Qlik Open Redirect

2015.04.08

Credit: provensec

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-601

# Affected software: qlik
# Type of vulnerability:open redirect
# URL:qlik.com
# Discovered by: provensec
# Website: provensec.com

#version: n/a
# Proof of concept
vulnerable param:returnurl

https://login.qlik.com/login.aspx?status=lol&returnURL=domain

example:

https://login.qlik.com/login.aspx?status=lol&returnURL=http%3a%2f%2fgoogle.com%2f

-- 

Best Regards,
Ankit Bharathan  /*Security Researcher*
[image: Provensec,llc] <http://provenec.com/>

ankit.b@provensec.com

Provensec,llc
http://provenec.com

P *Consider the environment. Please don't print this e-mail unless
absolutely necessary.*

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Qlik Open Redirect

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Qlik Open Redirect

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.