How I Bypassed Open Redirect and Got a Reward from Yandex

Hello everyone ☺

I will share with you a bug, “open redirect”. This vulnerability is known to everyone, but what I wanted to show you is how I bypassed open redirect.

So firstly, I think some researchers know ways to overcome them, but I don’t think that all researchers know such methods, so I wanted to write it up and share it; maybe I can help someone.

There is an Open Redirect on due to the application not checking the value passed by the user to the “site” parameter.

When anyone wants to test for the “open redirect” vuln, he does this, but this did not work. What can you do?

I tested with but it worked with these payloads: /// → :

After that the page redirected to I reported this to Yandex and I got a reward of 100$.

PoC Video Here

and Hall of Fame on 06/2020
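The missing check on the “site” parameter and the `///` prefix mentioned above, shown from the defender's side as an added example (not part of the original write-up and not Yandex's code): a naive "is it a local path?" check that a `///` value passes, next to an allow-list validator that refuses it. The host names, `ALLOWED_HOSTS`, the function names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this application may redirect to (placeholder name).
ALLOWED_HOSTS = {"www.example.com"}


def naive_is_local(site: str) -> bool:
    """Flawed check: treats 'no scheme, no netloc' as a same-site path."""
    parts = urlsplit(site)
    return parts.scheme == "" and parts.netloc == ""


def safe_redirect_target(site: str, default: str = "/") -> str:
    """Return `site` if it is a same-site path or an allow-listed URL, else `default`."""
    # Refuse backslashes, whitespace padding and control characters outright
    # instead of trying to normalise them the way a browser would.
    if not site or site != site.strip() or "\\" in site:
        return default
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in site):
        return default
    try:
        parts = urlsplit(site)
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s) to an allow-listed host.
        if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
            return site
        return default
    # Relative URL: exactly one leading slash. urlsplit() reports an empty
    # netloc for "///host", but browsers skip the extra slashes and treat
    # "host" as the destination, so "//..." and "///..." are refused here.
    if site.startswith("/") and not site.startswith("//"):
        return site
    return default


# Constructed sample values for the "site" parameter.
SAMPLES = ["/profile?tab=1", "https://www.example.com/home",
           "https://attacker.example/", "///attacker.example/"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:34} naive_local={naive_is_local(value)!s:5} "
              f"-> {safe_redirect_target(value)!r}")
```

The last sample is the interesting one: the naive check reports it as local, while the allow-list validator falls back to `/`.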

Thanks for reading my report :)

Bug Bounty Hunter