Jaga_sky
2 min read · Sep 13, 2022

MY FIRST VULNERABILITY FOUND ON BUGCROWD (OPEN REDIRECTION)

Hi everyone!! 😊 Hope all are good. I am Jagadeeswaran B, Bug Hunter and Cybersecurity Researcher. This is my first writeup, on my very first vulnerability: OPEN REDIRECTION.

So now, without wasting time!

What is open redirection?

Open redirect is a security flaw in an app or web page that fails to properly validate a user-supplied URL before redirecting to it, so the redirect can be pointed at an external site.

I started hunting in December 2020, and at first I did not find anything at all.

So I was a bit depressed early on. But I tried again and again, and at last I found a bug on Redacted.com (NOTE: the site does not allow disclosure, so I am not going to say the site name; let’s keep it as Redacted.com).

STEPS TO REPRODUCE:

  1. Open the domain, i.e. https://Redacted.com
  2. At the end of the URL I added some '/' characters (nothing but fuzzing) and typed the following: [///www.bing.com//]
  3. Boom!!!! The site redirected to bing.com, which confirms the open redirection.
  4. An attacker could use this vulnerability to redirect users to a fake site and try to capture their credentials.
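The `///www.bing.com//` payload in step 2 works because browsers collapse the extra leading slashes and treat the path as a protocol-relative URL, while a server-side check that only asks "does it start with a slash?" (or only inspects the parsed netloc) still sees a local path. This is an added example, not the author's or the site's code; the sample targets are constructed, and it shows the weak checks passing the payload and a stricter validator rejecting it.

```python
from urllib.parse import urlsplit

# Constructed sample redirect targets, including the payload from the writeup.
SAMPLE_TARGETS = [
    "/account/settings",          # legitimate local path
    "///www.bing.com//",          # payload from step 2
    "//evil.example//",           # plain protocol-relative URL
    "https://evil.example/",      # absolute URL
    "/\\evil.example",            # backslash variant that browsers normalise
    "/good?next=//evil.example",  # local path; the '//' is only in the query
]

def naive_is_local(target: str) -> bool:
    """Weak check: 'starts with a slash' is not the same as 'stays on this host'."""
    return target.startswith("/")

def netloc_only_is_local(target: str) -> bool:
    """Also weak: urlsplit('///host') yields an EMPTY netloc (path '/host'),
    so the parsed host disagrees with what the browser will actually fetch."""
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc

def is_safe_local_redirect(target: str) -> bool:
    """Accept only a single-slash-rooted path with no scheme and no authority."""
    if len(target) < 1 or target[0] != "/":
        return False
    # A second '/' or '\\' makes the target protocol-relative in browsers,
    # regardless of how many extra slashes follow.
    if len(target) > 1 and target[1] in "/\\":
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc

def classify(targets=SAMPLE_TARGETS) -> dict:
    """Map each target to (naive, netloc-only, strict) verdicts."""
    return {
        t: (naive_is_local(t), netloc_only_is_local(t), is_safe_local_redirect(t))
        for t in targets
    }

if __name__ == "__main__":
    for target, verdicts in classify().items():
        print(f"{target!r:32} naive={verdicts[0]!s:5} netloc={verdicts[1]!s:5} strict={verdicts[2]}")
```

Only the strict validator rejects the `///` payload; the two weaker checks both accept it, which is the gap the writeup's fuzzing found.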

As the program offers only points and swag, I didn’t receive any bounty. I received 5 points and swag from them 🤤

Yeah yeah, I know it’s too late to publish this, but it’s ok 🙂

REPORTED → 23 DEC 2020 (6AM)

REPLIED → 23 DEC 2020 (11AM), as you can see a good response time 😋😋

CLOSED AND FIXED ON → 27 SEP 2021

SWAG ARRIVED ON → 04 OCT 2021

Thanks for reading ❤️☺️!! Hope to see you in the next writeup.

Reach me on LinkedIn - (https://www.linkedin.com/in/jagadeeswaran-b-44a9901bb)