STINNER Victor added the comment:

> This can be practically exploited this way:
> http://example.com/login?next=/////evil.com

Can you please elaborate on the "exploit" part? In Firefox, the "////etc/passwd" link shows me my local file /etc/passwd. Ok, but how is it an issue? "//etc/passwd" also shows me file:////etc/passwd.

The OWASP article on Open Redirect shows an example to redirect to a different website. Can you show an example of how to redirect to a website and not a file:// URL?

https://www.owasp.org/index.php/Open_redirect

----------
nosy: +haypo

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23505>
_______________________________________