Sarmad Hassan

Published On: 18 Feb 2021

Open redirect in www.oversightboard.com, which is owned by Facebook

Open Redirect
Facebook | Web
---
LOW VALID

While doing a reverse NS lookup for Facebook.com, I came across the domain oversightboard.com.

What is oversightboard?

The Oversight Board is a body that makes content moderation decisions on the social media platform Facebook.

Description

Oversightboard has two login options, through Facebook or Instagram. While testing the login functionality I found an open redirect bug in the "redirect_url=" parameter, which has no linkshim protection.

Impact

An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

Reproduction Steps

1- Go to https://www.oversightboard.com/login/?redirect_url=https%3A%2F%2Fwww.evilzone.org
2- Log in with the Facebook plugin.
3- It redirects you to evilzone.org.
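The fix for this class of bug is to validate the redirect target server-side before issuing the redirect. The following is an added example (not code from the report or from the Oversight Board site) of such a check: it assumes the only permitted host is www.oversightboard.com, accepts only root-relative paths or https URLs on that host, and falls back to the site root for anything else, including the report's evilzone.org URL and common scheme-relative and backslash variants.

```python
from urllib.parse import urlparse, parse_qs

# Assumed for this example: the only host a post-login redirect may land on.
ALLOWED_HOST = "www.oversightboard.com"
SAFE_DEFAULT = "/"


def safe_redirect_target(redirect_url: str) -> str:
    """Return a same-site redirect target, or SAFE_DEFAULT if the value is unsafe.

    Covers the failure modes an allowlist must handle: absolute URLs to
    foreign hosts, scheme-relative '//host' forms, backslash variants that
    browsers normalise to '/', and userinfo tricks such as
    'https://www.oversightboard.com@other-host/' (urlparse reports the
    real host in .hostname, so the allowlist comparison still rejects it).
    """
    if not redirect_url:
        return SAFE_DEFAULT
    # Browsers treat '\' like '/' in URLs, so normalise before parsing.
    candidate = redirect_url.strip().replace("\\", "/")
    parsed = urlparse(candidate)
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative URL: only https on the allowed host passes.
        if parsed.scheme != "https" or parsed.hostname != ALLOWED_HOST:
            return SAFE_DEFAULT
    path = parsed.path or "/"
    # Only root-relative paths survive; '//...' would be read as a new host.
    if not path.startswith("/") or path.startswith("//"):
        return SAFE_DEFAULT
    query = f"?{parsed.query}" if parsed.query else ""
    return path + query


def resolve_login_redirect(login_url: str) -> str:
    """Extract redirect_url from a login URL (as in the report) and validate it."""
    params = parse_qs(urlparse(login_url).query)
    return safe_redirect_target(params.get("redirect_url", [""])[0])
```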

Timeline
Sarmad, 09 Feb 2021: Initial Report
Facebook, 09 Feb 2021: Report Triaged
Facebook, 10 Feb 2021: Report Fixed
Sarmad, 10 Feb 2021: Fix Confirmed
Facebook, 18 Feb 2021: Bounty awarded