Subscribed to: https://medium.com/@kerstan
Hello everyone, I’m Kerstan.
Today is Bug Bounty Tuesday, and I will share with you how I find open redirect bugs in bug bounty programs.
So, let’s dive right in.
1. First, if the application has a user sign-in/sign-up feature, register a user and log in as that user. Go to your user profile page, for example: testvuln.com/accounts/profile
2. Copy the profile page's URL.
3. Log out, clear all the cookies, and go to the homepage of the site.
4. Paste the copied profile URL into the address bar.
5. If the site prompts for a login, check the address bar. You may find the login page with a redirect parameter like the following:
https://testvuln.com/login?next=/accounts/profile
https://testvuln.com/login?returnUrl=/accounts/profile
Use `@`:
https://testvuln.com/login?next=https://vuln.me@evit.com
- This works due to a bad regex.
Use URL encoding:
https://testvuln.com/login?next=http://evil%E3%80%82com
- By using the character 。 (URL-encoded as %E3%80%82) instead of a normal dot in URLs, it is possible to bypass the blocking.
https://testvuln.com/login?next=javascript:alert(1);//
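On the defending side, the values shown above all fail the same check: parse the `next` value the way a browser does and compare the resulting origin with your own, instead of matching the raw string with a regex. This is an added example, not code from the original article; `safeRedirectTarget`, `OWN_ORIGIN` and `FALLBACK` are hypothetical names, and the sample inputs are the ones quoted on this page.

```javascript
// Added example: server-side validation of a post-login redirect target.
// OWN_ORIGIN, FALLBACK and safeRedirectTarget are assumed names for illustration.
const OWN_ORIGIN = "https://testvuln.com";
const FALLBACK = OWN_ORIGIN + "/";

function safeRedirectTarget(next, ownOrigin = OWN_ORIGIN) {
  const fallback = ownOrigin + "/";
  if (typeof next !== "string" || next.length === 0) return fallback;

  let url;
  try {
    // Resolve like a browser: a relative path lands on our origin,
    // an absolute URL keeps its own scheme and host.
    url = new URL(next, ownOrigin);
  } catch {
    return fallback; // unparseable input never reaches the Location header
  }

  // Compare the parsed origin (scheme + host + port), not a substring.
  // "https://vuln.me@evit.com" parses with host evit.com, a host written
  // with U+3002 is normalized by the parser before the comparison, and
  // "javascript:" URLs have the opaque origin "null".
  if (url.origin !== ownOrigin) return fallback;

  // Credentials in a redirect target have no legitimate use here.
  if (url.username !== "" || url.password !== "") return fallback;

  // Return the absolute URL: a bare pathname such as "//host" would be
  // read as protocol-relative if sent on its own.
  return url.href;
}

// Inputs quoted in the article, plus the legitimate relative path.
function checkSamples() {
  return [
    "/accounts/profile",
    "https://vuln.me@evit.com",
    "http://evil%E3%80%82com",
    "http://evil\u3002com", // same value after the framework decodes it
    "javascript:alert(1);//",
  ].map((value) => [value, safeRedirectTarget(value)]);
}
```

Only the first sample keeps its destination; every other value resolves to the fallback page.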
If you want to learn more, read my previous XSS articles, as follows:
How To Get A XSSI Bug In Bug Bounty — Bug Bounty Tuesday
URL Redirection To DOM XSS on Hackerone Programs — Bug Bounty Tuesday
3 Cases of DOM XSS in Bug Bounty