A few results there for sure, but most of those are comments. I've never seen this particular set of circumstances in any of the apps I've worked on, but I know anecdotes don't necessarily make data.

Obviously there are some apps that will be vulnerable, but they will likely be very rare.

So rare that I'm not sure why this got any attention. There are more interesting bugs to look at, which i do see in the wild a lot (e.g. redirect_to params[:return_url])

If anyone is interested, I've got a set of helper functions for redirects. https://github.com/epochwolf/litsocial/blob/master/app/lib/c...

Redirects are hard to get right. Bypass 1 - //host.com. Even if you will use URI library Bypass 2 - ///host.com

Good point, I'll need to modify the redirect to disallow multiple slashes at the beginning.

That should be something like /\A(http(s?):\/\/#{request.host_with_port}|\/\Z|\/[^\/])/

/\host.com

Oh, among those 17 results only 3 have "*action" and none of them is relevant.

Now it will hit the front page and everyone will rant how vulnerable rails is not reading the details. Same happened with "oauth covert redirect" (which is nothing interesting) few days ago.