protocol & Ports are not shown in third-party site redirect warning page
Vulnerable Endpoint :- https://www.semrush.com/redirect?url=ftp://evil.com:1337
I noticed #311330 this report where you guys fixed a open redirect report by adding a external third-party site redirect warning page . It was a great fix . Although a issue caught in my eye . Urls contains a protocol and Ports . If I add a url with any other protocol like ftp:// then it's not shown in the external warning page what can be used to take a user to any other place then user expected to go .
<a href="ftp://evil.com:1337" id="js-site-link" class="site_link" data-test-site-link=""> Go to site </a>
I noticed in url= parameter many protocols can be used . Like I can use vnc:// protocol and on my mac os if I visit https://www.semrush.com/redirect?url=ftp://evil.com:1337 and click on Go to site then it will open my mac environment's default VNC app like below screenshot :-
So while user may think they will visit a site but actually they will request to a site with a protocol what may take them to anything else .
I can suggest 2 possible fix here :-