Summary

Currently Go prevents users from creating Go links to Go. However, this can be easily bypassed by making a link (say a bitly) that then redirects to Go. At the views.py level we need to check if we are redirecting users to a Go link, and if so, then throw a 500 error. I had thought this was implemented already but this is still exploitable.

Helpful Links

• https://git.gmu.edu/srct/go/blob/master/go/go/views.py#L269