Bug Type
Security
Reproduction steps
Open site
During the download, you will see the word Redirect
Press Esc and check the code with some network analyzer
You will know that a CDN is being used
Actual result
Open redirect notification, from irrelevant material to the main page - beta.disintar.io
This is very bad, because the design should not give out the processes going on behind the scenes.
You run the risk of catching a distributed DDoS attack, the Cloudflare server in this case will not save the system. When disinator.io is attacked, the redirect chain will be broken, and the main domain will become inaccessible. Yes, it's expensive, but it greatly increases the number of attacker action scenarios (the attack perimeter is larger).
Expected result
Ask the designer to hide the redirect, then no one will know about the existence of the old domain
Suggested Severity
Medium
Device
Desktop (please complete the following information):
- Windows 10
- Edge/Mozilla
Additional Context
No response
Bug Type
Security
Reproduction steps
Open site
During the download, you will see the word Redirect
Press Esc and check the code with some network analyzer
You will know that a CDN is being used
Actual result
Open redirect notification, from irrelevant material to the main page - beta.disintar.io
This is very bad, because the design should not give out the processes going on behind the scenes.
You run the risk of catching a distributed DDoS attack, the Cloudflare server in this case will not save the system. When disinator.io is attacked, the redirect chain will be broken, and the main domain will become inaccessible. Yes, it's expensive, but it greatly increases the number of attacker action scenarios (the attack perimeter is larger).
Expected result
Ask the designer to hide the redirect, then no one will know about the existence of the old domain
Suggested Severity
Medium
Device
Desktop (please complete the following information):
Additional Context
No response