Mlmym bug that allows for 302 redirect hijacking - Now fixed in v0.0.40
github.com /link endpoint allows redirection to any arbitrary URL · Issue #101 · rystaf/mlmym
On old.lemmy.ca we're seeing a significant number of requests from Google Bot to random sites: 66.249.72.233 - - [27/Feb/2024:21:49:30 -0800] "GET /link?url=https://moebelsachverstaendiger-ganz.de/...
Heads up for anyone running mlmym on their instance, your site is probably being used for Google SEO manipulation: https://github.com/rystaf/mlmym/issues/101
If you're running an old version, update to v0.0.40!
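A log check for the request pattern quoted from the issue, as an added example that is not part of the original post or of mlmym: it counts the off-site hosts for which a 3xx response was served on `/link?url=`. The log lines, the `lemmy.example` host name and the function names are constructed for illustration, and a common/combined access log format is assumed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumed format: common/combined access log (client, timestamp, request, status).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3})')

def _safe_split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None

def external_link_targets(lines, own_hosts):
    """Count off-site hosts that /link?url=... redirects were served for."""
    own = {h.lower() for h in own_hosts}
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(3).startswith("3"):
            continue  # unparsable line, or no redirect was served
        request = _safe_split(m.group(2))
        if request is None or request.path != "/link":
            continue
        for value in parse_qs(request.query).get("url", []):
            # Browsers treat backslashes like slashes, so normalise before parsing.
            dest = _safe_split(value.strip().replace("\\", "/"))
            host = dest.hostname if dest else None  # hostname is already lower-cased
            if host and host not in own:
                hits[host] += 1
    return hits

# Constructed sample lines (documentation IP ranges and .example domains).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /link?url=https://spam-one.example/page HTTP/1.1" 302 0',
    '192.0.2.10 - - [01/Jan/2024:00:00:02 +0000] "GET /link?url=https%3A%2F%2Fspam-one.example%2Fother HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:00:00:03 +0000] "GET /link?url=//spam-two.example/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:00:00:04 +0000] "GET /link?url=https://lemmy.example/post/1 HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2024:00:00:05 +0000] "GET /link?url=https://spam-three.example/ HTTP/1.1" 403 0',
    '198.51.100.7 - - [01/Jan/2024:00:00:06 +0000] "GET /c/main HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for host, count in external_link_targets(SAMPLE, {"lemmy.example"}).most_common():
        print(f"{count:5d}  {host}")
```

Pass every host name the instance answers on as `own_hosts`; anything left in the result is a destination the endpoint redirected to outside the site.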
2 comments
Cheers, I just started dropping connections to /link as well, as a result. Edit: Looks like it was quickly fixed and released in 0.0.40, very cool.
This is now fixed in v0.0.40, go update!