Here I am with yet another exciting bug-hunting story! This time, I’ll share details about an open redirection bug I discovered on one of Turkey’s most popular poetry archive websites.
Open redirection bugs generally occur where an application redirects users automatically after they complete a form or trigger an action, with the destination taken from a parameter such as refURL, returnURL or followURL. When that parameter is not validated, it can be abused to send users to a malicious site right after they have completed a legitimate action on the real website.
In more sophisticated scenarios, attackers send the user back to the legitimate site once the malicious page has done its work, leaving little trace of what happened. Users might unknowingly hand over personal data, session information, or cookies during this brief detour, without noticing anything unusual, because the redirection completes within seconds.
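As an added illustration (not code from the original post or from the site in question), here is a Python check for a returnURL-style parameter that only allows same-site destinations; the host names are constructed placeholders. It covers the cases a naive "starts with /" check misses: scheme-relative URLs, backslash variants that browsers treat as slashes, non-HTTP schemes and userinfo tricks.

```python
from urllib.parse import urlsplit

# Hosts the application may redirect to (constructed placeholder values).
ALLOWED_HOSTS = {"poems.example", "www.poems.example"}
DEFAULT_TARGET = "/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` keeps the user on an allowed host.

    Accepts absolute paths such as "/profile" and http(s) URLs whose host
    is in `allowed_hosts`. Rejects scheme-relative targets ("//host"),
    backslash forms ("\\host", which browsers normalise to "//host"),
    non-http schemes and userinfo tricks ("https://good@evil").
    """
    if not target:
        return False
    # Browsers turn backslashes into slashes before resolving a URL, so
    # normalise the same way or "\\host" would look like a relative path.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return False
        # parts.hostname is the parsed host after any "user@" prefix;
        # refuse userinfo outright rather than reasoning about it.
        return (
            parts.hostname is not None
            and parts.hostname.lower() in allowed_hosts
            and "@" not in parts.netloc
        )
    # No scheme: a netloc here means a scheme-relative URL ("//host/...").
    if parts.netloc:
        return False
    # Only absolute, single-slash paths on this site are allowed.
    return normalised.startswith("/") and not normalised.startswith("//")


def resolve_redirect(target: str, allowed_hosts=ALLOWED_HOSTS,
                     default: str = DEFAULT_TARGET) -> str:
    """Return `target` if it is safe, otherwise fall back to `default`."""
    return target if is_safe_redirect(target, allowed_hosts) else default
```

A handler would call resolve_redirect(request.args.get("returnURL", "")) and redirect to the result; anything that fails the check lands on the site root instead of an external host.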
I was surprised to find such a vulnerability on this well-established poetry site, which, according to SimilarWeb, receives 1.5 million visitors monthly. When I reported it to them, their team was even more astonished.
Further investigations revealed that the issue existed in five different places on the site. I reported these findings as well and offered my…