Content
Sensitive Data Exposure: Gain access to any access log file of the server.
???
Unvalidated Redirects: Enforce a redirect to a page you are not supposed to redirect to.
Outdated Allowlist: In the challenge, the donation buttons had a feature that redirects to other sites, and the URLs allowed for the redirect could be found in main.js.
/redirect?to=
The request is sent on this path with the target URL included in the `to` parameter, and it can be confirmed that there are 3 allowed URLs.
Therefore a URL that is not on the list cannot be redirected to. Using this, a request can be sent so that an allowed URL is recognized as the argument of `to`.
/redirect?to=https://google.com?to=https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm
It can be confirmed that the redirect succeeds.
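As an added example (not code from the write-up or from the application it describes), the check below reconstructs, as an assumption, the kind of allowlist test that such a bypass gets past: the server only looks for an allowed entry somewhere inside the `to` value, so a foreign host with the allowed URL appended as a query parameter is accepted. Beside it is a check that parses the URL and compares scheme, origin and path exactly, which rejects the same value while still accepting the genuine allowlist entries. The blockchain.info URL comes from the write-up; the other allowlist entries, the function names and the payload constant are constructed for illustration.

```javascript
// Added example: a weak substring-based redirect allowlist check next to a
// hardened exact-match check. Not the application's own code.

// Allowlist of permitted redirect targets. The first entry is the one named in
// the write-up; the other two are constructed placeholders.
const ALLOWED_REDIRECT_TARGETS = [
  'https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm',
  'https://example.org/donate',   // constructed placeholder
  'https://example.net/sponsor',  // constructed placeholder
];

// Weak check (assumed shape of the flawed test): the allowed entry only has to
// appear somewhere inside the parameter, so "https://other.host/?to=<allowed>"
// passes even though the browser will be sent to other.host.
function isRedirectAllowedSubstring(to) {
  return ALLOWED_REDIRECT_TARGETS.some((allowed) => to.includes(allowed));
}

// Hardened check: parse the value as an absolute URL, require https, and
// compare origin and path exactly against each allowlist entry. Query strings
// and fragments on the target are ignored for the comparison but cannot change
// the host the user ends up on.
function isRedirectAllowedExact(to) {
  let target;
  try {
    target = new URL(to);
  } catch (err) {
    return false; // relative paths, "//host" forms and garbage are rejected
  }
  if (target.protocol !== 'https:') return false;
  return ALLOWED_REDIRECT_TARGETS.some((entry) => {
    const allowed = new URL(entry);
    return target.origin === allowed.origin &&
           target.pathname === allowed.pathname;
  });
}

// Defender's view of one redirect request: what each check decides and which
// host the browser would actually be sent to. Useful when reviewing access logs
// for /redirect requests whose real destination is not on the allowlist.
function explainRedirectDecision(to) {
  let actualHost = null;
  try {
    actualHost = new URL(to).host;
  } catch (err) {
    // leave null: the value is not an absolute URL
  }
  return {
    to,
    actualHost,
    allowedByWeakCheck: isRedirectAllowedSubstring(to),
    allowedByStrictCheck: isRedirectAllowedExact(to),
  };
}

// The value from the write-up, as a constructed test input.
const PAYLOAD_FROM_WRITEUP =
  'https://google.com?to=https://blockchain.info/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm';

console.log(explainRedirectDecision(PAYLOAD_FROM_WRITEUP));
console.log(explainRedirectDecision(ALLOWED_REDIRECT_TARGETS[0]));
```

Running the block shows the two checks disagree on the write-up's value: the substring check accepts it, the exact check rejects it, and `actualHost` reports google.com as the real destination. The genuine allowlist entry is accepted by both.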