Open redirection via login

Note: ignore ////

Assuming the target was ////

When visiting the website and navigate to Login page . The website return GET parameters , one of them was interesting as it seems good to check for open redirection.

If you tried to inject [ ] and log in , the website will redirect you to ////
If you tried to inject [ //// , //// , other common open redirection whitelist bypass ] it won’t work.

After that i checked and changed the parameter value from




After log in , the website will get your redirected to ////

After checking , was not paid domain and available to purchase . That being said if attacker buy it from //// or other domain registration service, he can got open redirection on the endpoint and redirect to its website which it is ////

I’m here trying to write bugs , tricks in bug bounty hunting and penetration testing because i like this form + to inspire other researchers on the community to write their findings here.

The reason between having //// before websites urls is because i’m new user and i can’t post more than 2 links in a post so i put these chars.



Nice one!
If they only check the first part of the target url (i.e. until the first dot) maybe then you could also redirect to, if you already have

1 Like

Yeah , thanks for your notice, i’ll put this in mind in future tests too but in case of this company i stopped there when i was testing cause i know it will be marked as duplicate and it got marked as duplicate in the end xD.

1 Like