When I clicked on login, the URL had a redirect parameter.
So I tried different payloads, but most of them got a 403 Forbidden or just would not redirect me where I wanted.
Nothing worked until this payload -
evil%252ecom but it redirected me to
and I was like.
So if the URL was target.com/login?redirect=anything, it would redirect to
target.comanything, and so I added
pany in the redirect parameter and it redirected to
After that I went to see if the domain was available, and it was.
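The root cause the post describes, as an added example that is not the author's code or the target's code: the host and the user-supplied redirect value are joined with no separator, so a value that does not start with "/" changes the host name itself (as "pany" turned target.com into a different domain). The host name, the flawed builder and the safe builder below are all assumptions for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder host; not the real site from the post.
APP_HOST = "target.com"


def build_redirect_flawed(redirect_param: str) -> str:
    """Reproduces the bug pattern in the post: host and user value are simply
    concatenated, so a value with no leading '/' rewrites the host name."""
    return "https://" + APP_HOST + redirect_param


def build_redirect_safe(redirect_param: str, fallback: str = "/") -> str:
    """Only accept an in-app path and rebuild the URL from parsed pieces, so
    the redirect parameter can never change scheme or host.

    Validation runs on the value as the framework already decoded it; no
    further percent-decoding is done here, so an encoded dot stays literal.
    """
    candidate = redirect_param
    # Must be a single leading slash: '' and 'pany' rewrite the host,
    # '//evil' is scheme-relative, and a backslash is treated as '/' by browsers.
    if (not candidate.startswith("/")
            or candidate.startswith("//")
            or "\\" in candidate):
        candidate = fallback
    parts = urlsplit(candidate)
    # A parsed scheme or host means the value was not a plain path.
    if parts.scheme or parts.netloc:
        parts = urlsplit(fallback)
    return urlunsplit(("https", APP_HOST, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    for value in ["/account", "pany", "//evil.example", "https://evil.example/x"]:
        print(f"{value!r:28} flawed={build_redirect_flawed(value)!r:45} "
              f"safe={build_redirect_safe(value)!r}")
```

Run it to see the flawed builder turn "pany" into a different host while the safe builder always lands on APP_HOST.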
I reported this vulnerability to them and got no response for about a week. So I contacted them again, and it has now been at least 4 months with still no response, but they fixed it.
Hope you learned something; if you liked it, please share.