Netflix Security Monkey prior to 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netflix security monkey |