How I bypassed Ebay process on redirect

hey guys this is my first blog so be free to comment any suggestion to improve my blog in the next time.

Ebay is a web application like Amazon to buy or sell some thing on it should has more security to save the users information because the website has a sensitive information.

So i started testing the site and when i enter my account to log in i notice tat in the GET request (in the link) the the website redirect me after the login so i tried to change the host to another one but it’s not work so i started looking for a bypass for this filter so i enter the link like that http://ebay.com@google.com but unfortunately it’s not work.

So i don’t give up and tried to bypass it again so i add the link like that http://test.ebay.com/ so it’s work and i redirected to ( test.ebay.com ) but it’s not open redirect but it’s helped me a lot now I can redirect the user to a subdomain so in this time thinking about how i can make this useful for me and i enter this URL in the redirect http://google.com.ebay.com/ and it’s redirected me to ( google.com.ebay.com ) and i notice that if i add a character with URL-encode it’s will decoded so i think if i can make a part of the URL commented it’s will redirected to the other part and the ebay process on redirect it’s the ebay domain should be in the redirect so in this time i thinking how i can comment the last part which include the ebay domain and i got it and add this ( # ) after the host which i want to redirect the user to it but when i enter it with out URL-encode it’s will not work so i add it in this form (%23) and the last URL is http://google.com%23.ebay.com/ and Booom it works and i was so happy.

This bypass works in any redirect in Ebay but when i send it i got duplicate so in this time i was sad ~_~

the message from Ebay security team

this is how i bypassed the Ebay process on redirect,

Thanks for reading.