MY FIRST VULNERABILITY FOUND ON BUGCROWD (OPEN REDIRECTION)
Hi everyone!! 😊 Hope all are good. I am Jagadeeswaran B, bug hunter and cybersecurity researcher. This is my first writeup, on my very first vulnerability: OPEN REDIRECTION.
So now, without wasting time!
What is open redirection?
Open redirect is a security flaw in an application or web page that fails to properly validate the URL it redirects to, so a redirect target supplied in the request can send the user off-site.
I started hunting in December 2020 and at first I did not find anything at all.
So I was depressed early on. But I tried again and again, and at last I found a bug on Redacted.com (NOTE: the site does not allow disclosure), so I am not going to name the site; let's keep it as Redacted.com.
STEPS TO REPRODUCE:
- Open the domain, i.e. https://Redacted.com
- At the end of the URL I added some '/' characters (nothing but fuzzing) and typed the following: [///www.bing.com//]
- Boom!!!! The site redirected to bing.com, which confirms the open redirection.
- An attacker could use this vulnerability to redirect victims to a fake site and try to capture their credentials.
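The reason a payload like `///www.bing.com//` works is that browsers collapse a run of leading slashes into an authority (they parse it as `https://www.bing.com//`), while many server-side checks see only a "relative path". The validator below is an added example, not code from the original writeup or from the affected site; it assumes a Python web backend, uses only the standard library, and the allow-listed hostnames are constructed placeholders. It shows the check a defender would put in front of any redirect: reject protocol-relative and multi-slash targets on the raw string, and accept absolute URLs only for an explicit allow-list of hosts.

```python
from urllib.parse import urlsplit

# Constructed placeholder allow-list; a real deployment lists its own hostnames.
ALLOWED_HOSTS = {"redacted.com", "www.redacted.com"}


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` stays on the site's own origin."""
    if not target:
        return False
    # Control characters and whitespace are stripped or re-interpreted by
    # browsers, so never let them reach a Location header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F or c.isspace() for c in target):
        return False
    # Browsers normalise "\" to "/", turning "/\evil.com" into "//evil.com".
    if "\\" in target:
        return False

    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL ("//host"): only HTTPS to an
        # allow-listed host. `hostname` already drops userinfo and port, so
        # "https://www.redacted.com@evil.com/" resolves to "evil.com".
        return parts.scheme == "https" and (parts.hostname or "") in allowed_hosts

    # No scheme and no netloc according to urlsplit. Caution: for
    # "///www.bing.com//" urlsplit reports netloc == "" and path == "/www.bing.com//",
    # yet browsers treat the leading slashes as an authority. Decide on the raw
    # string: exactly one leading slash means a site-local path.
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Return `target` if it is safe, otherwise a fixed same-site fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, including the multi-slash form from the writeup.
    samples = [
        "/account/settings",
        "https://www.redacted.com/welcome",
        "///www.bing.com//",
        "//www.bing.com/",
        "/\\www.bing.com",
        "https://www.redacted.com@www.bing.com/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {'allow' if is_safe_redirect(s) else 'reject'}")
```

The important design choice is the last line of `is_safe_redirect`: it inspects the raw string rather than trusting `urlsplit`, because the parser's idea of "no host" and the browser's idea disagree precisely on the input that caused this bug.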
As the program offers only points and swag, I didn't receive any bounty. Received 5 points and swag from them 🤤
Yeah yeah, I know it's too late to publish this, but it's ok 🙂
REPORTED → 23 DEC 2020 (6AM)
REPLIED → 23 DEC 2020 (11AM), as you can see, a good response time 😋😋
CLOSED AND FIXED ON → 27 SEP 2021
SWAG ARRIVED ON → 04 OCT 2021
Thanks for reading ❤️☺️ !! Hope to see you in the next writeup.
Reach me on LinkedIn - (https://www.linkedin.com/in/jagadeeswaran-b-44a9901bb)