Qwik City, Open Redirect Vulnerability, CVE-2024-42288 (Medium)

Listen to this Post

The vulnerability resides in the `fixTrailingSlash` middleware applied by default to page routes in Qwik City. When handling a request, this middleware checks if the URL path should have a trailing slash added or removed for consistency. It constructs a redirect `Location` header based on the incoming request path. The flaw was that it did not properly validate the generated redirect target. An attacker could craft a request to a path like //evil.com. The middleware would process this and issue a 301 redirect with the header Location: //evil.com. A browser interprets this protocol-relative URL, redirecting the user to `https://evil.com` or `http://evil.com` based on the original connection, effectively performing an open redirect from the trusted domain to an attacker-controlled site.
Platform: Qwik City
Version: < 1.19.0
Vulnerability: Open Redirect
Severity: Medium
date:

Prediction: Patched 2024-04-24

What Undercode Say:

Check current qwik-city version
npm list @builder.io/qwik-city
Simulate malicious request triggering redirect
curl -I "https://victim-domain.com//evil.com/path"
Pattern to detect vulnerable Location headers
grep -r "Location:\s//" src/
Example of a safe redirect validation snippet
if (!redirectUrl.startsWith('/') || redirectUrl.includes('://')) {
throw new Error('Invalid redirect');
}

How Exploit:

Attacker sends a crafted link: https://trusted-app.com//phishing-site.com/login`. The victim's browser receives a 301 redirect from the trusted domain tohttps://phishing-site.com/login`.

Protection from this CVE

Update to `@builder.io/qwik-city` version 1.19.0 or later.

Impact:

Phishing attacks, session token theft, user credential harvesting.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top