Qlik Open Redirect

# Affected software: qlik
# Type of vulnerability: open redirect
# URL: qlik.com
# Discovered by: provensec
# Website: provensec.com

# Version: n/a
# Proof of concept
Vulnerable param: returnURL

https://login.qlik.com/login.aspx?status=lol&returnURL=domain

example:

https://login.qlik.com/login.aspx?status=lol&returnURL=http%3a%2f%2…

Best Regards,
Ankit Bharathan / Security Researcher

ankit.b@provensec.com

Provensec,llc
http://provenec.com
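
A server-side check that would refuse the kind of returnURL value shown in the proof of concept, as an added example (not code from the advisory or from Qlik). The host allowlist, the fallback path and the function name are assumptions; the sample values are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hosts the login page may legitimately send users back to.
ALLOWED_HOSTS = frozenset({"login.qlik.com", "qlik.com"})
FALLBACK = "/"  # assumed default landing page


def safe_return_url(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `raw` if it is an acceptable post-login target, else `fallback`.

    `raw` is the returnURL value after the framework has decoded it once.
    """
    if not raw or not isinstance(raw, str):
        return fallback
    # Browsers drop control characters and treat "\" like "/", so a value
    # containing them may be parsed differently here than in the browser.
    has_ctl = any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw)
    if raw != raw.strip() or "\\" in raw or has_ctl:
        return fallback
    try:
        parts = urlsplit(raw)
        host, _port = parts.hostname, parts.port  # .port validates the port
    except ValueError:  # malformed authority or port
        return fallback
    if not parts.scheme and not parts.netloc:
        # Site-relative path only; "//host" and "///host" are resolved by
        # browsers as another origin, so a second leading slash is refused.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return fallback
    # Absolute URL: https only, no userinfo, exact host match on the allowlist.
    if parts.scheme == "https" and "@" not in parts.netloc and host in allowed_hosts:
        return raw
    return fallback


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for value in ["/account/home", "https://qlik.com/products",
                  "http://example.com/", "//example.com/", "/\\example.com"]:
        print(f"{value!r:32} -> {safe_return_url(value)!r}")
```

The redirect handler would call this on the decoded parameter and redirect only to the returned value, so any rejected input lands on the fallback page instead of an external site.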