Open redirect in Informatica (BugBounty)

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

To reproduce this bug, follow the steps below:

1. Go to https://www.informatica.com/ and choose the Free trial option to complete the sign-up process.
2. To log in, click the login button and select Informatica account.
3. Enter the credentials and you'll land on the homepage.
4. Right-click the Log out option and copy the link location (the link is below).

https://infapassport.okta.com/login/signout?fromURI=https%3A%2F%2Fwww.informatica.com%3A%2Fsystem%2Fsling%2Flogout%3Fresource%3D%252F

5. Replace the value of fromURI with the URL you want to redirect to (here https://www.google.co.in). The resulting link is below.

https://infapassport.okta.com/login/signout?fromURI=https://www.google.co.in

6. Press Enter and you'll be redirected to https://www.google.co.in.

7. Below is the video PoC, which gives a clearer picture.

(PoC)
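The root cause is that the signout endpoint hands the browser whatever `fromURI` carries. The following is an added example (not Informatica's or Okta's code) showing that behaviour beside a hardened version: the redirect target is accepted only when it is a same-site relative path or an https URL whose host is on a constructed allowlist, and anything else falls back to a fixed landing page. The allowlist, the `fallback` URL and the function names are assumptions for illustration; the two URLs in the test are the ones quoted in the steps above.

```python
from urllib.parse import unquote, urlparse

# Assumption for the example: the only host a post-logout redirect may go to.
ALLOWED_HOSTS = {"www.informatica.com"}
DEFAULT_LANDING = "https://www.informatica.com/"


def vulnerable_redirect_target(from_uri: str) -> str:
    """The behaviour described in the report: the parameter is used unchanged."""
    return from_uri


def safe_redirect_target(from_uri: str, fallback: str = DEFAULT_LANDING) -> str:
    """Return from_uri only if it is a safe redirect target, otherwise fallback.

    from_uri is the query-parameter value as the framework already decoded it
    (one level of percent-decoding), so no further unquoting is done here.
    """
    candidate = from_uri.strip()
    if not candidate:
        return fallback
    # Control characters and embedded whitespace have no place in a redirect target.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in candidate):
        return fallback
    # A plain relative path stays on the current origin. "//host" and "/\host"
    # are scheme-relative in browsers, so they are not treated as relative here.
    if candidate.startswith("/") and candidate[1:2] not in ("/", "\\"):
        return candidate
    parsed = urlparse(candidate)
    # Absolute targets must be https; this also rejects scheme-less "//host" forms.
    if parsed.scheme != "https":
        return fallback
    # Userinfo ("https://trusted@other/") would let a trusted-looking prefix
    # precede a different host, so any credentials part is rejected outright.
    if parsed.username or parsed.password:
        return fallback
    # hostname is lower-cased and stripped of any port (an empty ":" is tolerated,
    # as in the legitimate link from the report).
    host = parsed.hostname or ""
    if host not in ALLOWED_HOSTS:
        return fallback
    return candidate


if __name__ == "__main__":
    # Values taken from the report; the first is percent-decoded once, as a
    # query-string parser would do before handing it to the application.
    legitimate = unquote(
        "https%3A%2F%2Fwww.informatica.com%3A%2Fsystem%2Fsling%2Flogout%3Fresource%3D%252F"
    )
    attacker_controlled = "https://www.google.co.in"
    for value in (legitimate, attacker_controlled):
        print(f"input:      {value}")
        print(f"vulnerable: {vulnerable_redirect_target(value)}")
        print(f"hardened:   {safe_redirect_target(value)}")
        print()
```

The hardened function fails closed: any parse oddity ends at the fixed landing page rather than at the supplied URL, which is the property a fix for this report needs. An allowlist of exact hostnames is used rather than a "contains informatica.com" substring check, because substring matching accepts look-alike hosts.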