# CVE-2024-39097: Open Redirect Bypass via `//`
**Discovered by:** letm3through (Ahn TaeGyu)

## Description
There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.

- **Vulnerability Type:** CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

- **CVE Impact Other:** Phishing via URL Redirection to Untrusted Site ('Open Redirect')

- **Attack Type:** Remote

## Affected Product
- **Name of affected Product:** gnuboard 6
- **Affected version**: =< 6.0.4
- **Affected Product Code Base:** Gnuboard version 6.0.4 and below are affected - Fixed in version 6.0.5
## Affected Component
  - **Component:** Login Path of Gnuboard 6
  - **Affected source code:** [dependencies.py](https://github.com/gnuboard/g6/blob/fcd8dc7c42181fa95c1d64f688f6a720902d473e/lib/dependency/dependencies.py#L259-L270)
  - **Issue provided with fix PR:** https://github.com/gnuboard/g6/issues/582


## Attack Vectors
`url` parameter is vulnerable to open redirect despite having a filter logic.

The filter logic can be easily bypassed with double slashes `//` as below PoC.

PoC: 
```
http://[DOMAIN]/bbs/login?url=//example.com
```

## Reference
- https://github.com/gnuboard/g6/issues/582