In this blog, I personally investigated 4 disclosed and triaged open redirect bug bounty reports to understand what kinds of open redirect bugs receive bounties or are considered bounty-worthy.
Report ID: 2812583
Bounty: Yes
Fixed & Disclosed: Yes
Severity: Low
Date: November 5, 2024, 7:16am UTC
There was a video attached, too — added this as a screenshot.
The Vulnerability
Tumblr’s logout endpoint accepts a redirect_to parameter that determines where the user is sent after logging out. The issue was that Tumblr did not sufficiently validate this parameter. An attacker could supply a URL pointing to a malicious site, causing unsuspecting users to be redirected there.
The Exploit URL
https://www.tumblr.com/logout?redirect_to=https://evil.com%5C%40www.tumblr.com

When URL-decoded, the redirect_to parameter becomes:

https://evil.com\@www.tumblr.com

The payload works because of a parser differential between the server-side check and the browser. A server-side validator that takes the authority component (everything between "//" and the first "/", "?" or "#") and treats whatever follows the last "@" as the host would see www.tumblr.com and accept the value; to such a parser the backslash is just another character inside the userinfo. Browsers follow the WHATWG URL Standard, which treats a backslash as a forward slash in http and https URLs, so for the browser the authority ends at evil.com and the remainder becomes the path /@www.tumblr.com. The check passes, the Location header is emitted, and the user lands on evil.com.