Open-Redirect Vulnerability in

Anil Tom
Sep 11, 2018 · 3 min read

Hey guys,

I am Anil Tom, and in this article I am going to share the story of how I found an Open-Redirect vulnerability in Udacity. This is my first article, so please forgive any mistakes in it.

A great thanks to my masters and friends for the love and support. So let's get started … This started when a friend of mine showed me a T-shirt that he got from Udacity. So I thought, why can't I get one? So I started doing recon on the target, Udacity. Within 5 to 10 minutes of testing I found a vulnerability on , which is an open redirect.

What is Open-Redirect Vulnerability?

Open redirect is basically not a high-impact vulnerability. A web application accepts user-controlled input that specifies a link to an external site and uses that link in a redirect. This simplifies phishing attacks.
Open redirection is listed in the OWASP Top 10 for 2013 and 2010 (10th position in both lists) since it is still an active threat in modern web applications. Open redirection occurs when a vulnerable web page redirects to an untrusted and malicious page that may compromise the user. Open redirection attacks usually come with a phishing attack because the modified vulnerable link looks identical to a link on the original site, which increases the likelihood of success for the phishing attack.

How I found Open-Redirect on

I just added the / to , but it didn't redirect as expected.

Then I thought, what if I add one more /?

I changed the URL like this: I executed this URL and, as expected, I was redirected to the

Then I tried this payload with other domains of , like , and they were also vulnerable :-p
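The bypass above works because a redirect target that starts with `//` is a protocol-relative URL: a check that only blocks `http://`/`https://` lets it through, and the browser resolves it against a different host. As an added example (not code from the post or from Udacity), here is that weak check beside a hardened one that resolves the target against the site's own base URL and requires the final host to be on an allowlist; `example.com` and the test targets are constructed placeholders.

```python
from urllib.parse import urlparse, urljoin

# Constructed placeholder allowlist; a real app lists its own hosts here.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
BASE_URL = "https://example.com/"


def naive_is_safe(target: str) -> bool:
    """Weak check: only rejects absolute URLs with an explicit scheme.
    A protocol-relative target such as '//evil.test' passes this check."""
    return not target.lower().startswith(("http://", "https://"))


def is_safe_redirect(target: str, base: str = BASE_URL) -> bool:
    """Hardened check: resolve the target the way a browser would and
    only allow http(s) URLs whose host is on the allowlist."""
    if not target:
        return False
    # Browsers treat '\' like '/' in the authority part, so normalise it
    # first; otherwise '/\evil.test' would parse as a plain path here.
    candidate = target.replace("\\", "/")
    parsed = urlparse(candidate)
    # Reject non-web schemes outright (javascript:, data:, file:, ...).
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False
    # urljoin turns '//evil.test/x' into 'https://evil.test/x', exposing
    # the real destination host of a protocol-relative target.
    resolved = urlparse(urljoin(base, candidate))
    if resolved.scheme not in ("http", "https"):
        return False
    # hostname strips any 'user@' prefix, so 'example.com@evil.test'
    # is judged by its actual host, evil.test.
    return resolved.hostname in ALLOWED_HOSTS
```

A redirect endpoint should call `is_safe_redirect` and fall back to a fixed in-site page when it returns False, rather than echoing the supplied target.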

And I was like

Reported to


Jun 1 Reported the Issue

Jun 3 Initial Reply

Jun 3 Fixed

Jun 17 Swag Received

PoC Video:

Happy HACKING…!!
