Share
## https://sploitus.com/exploit?id=PACKETSTORM:218855
Pachno 1.0.6 (return_to) Open Redirection
    
    
    Vendor: Daniel AndrΓ© Eikeland
    Product web page: https://github.com/pachno/pachno
    Affected version: 1.0.6
    
    Summary: Pachno is an open-source collaboration platform (formerly known as The Bug Genie)
    designed for team project management, issue tracking, and documentation. It offers a module-based,
    customizable environment for software development and team workflows, distributed under the
    Mozilla Public License.
    
    Desc: Input passed via the return_to GET/POST parameter to the login endpoint is not properly
    verified before being used to redirect users. The _getLoginForwardUrl() helper applies htmlentities()
    to the value which is intended for HTML output encoding and does not validate URL schemes or hosts,
    and then issues a Location header with the unmodified URL. This can be exploited to redirect a
    user to an arbitrary external website and conduct phishing attacks.
    
    Tested on: GNU/Linux
               Apache2
               PHP/7.4
               MySQL/5.7 (MariaDB)
    
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                                @zeroscience
    
    
    Advisory ID: ZSL-2026-5981
    Advisory URL: https://www.zeroscience.mk/#/advisories/ZSL-2026-5981
    
    
    06.04.2026
    
    --
    
    
    https://127.0.0.1/login?return_to=https://www.zeroscience.mk/pachno_relogin.phtml