$1000 open redirect | Bug Bounty POC 2023


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
HackerOne hacktivity Link:

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Credit:

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Disclaimer:

The following video is not owned or created by me. It is publicly available on HackerOne's activity page and is being shared solely for educational purposes. The video showcases a bug report submitted by qualw1n to demonstrate an open redirect vulnerability in Expedia's website. All credit goes to the original reporter of the bug. The purpose of sharing this video is to raise awareness about the importance of cybersecurity and to encourage responsible disclosure of vulnerabilities.

#bugbounty #hacking #cybersecurity #openredirect #websecurity #poc #bug #bughunter
Comments

Finally there's a Turkish bug bounty hunter, I'm so glad; turns out someone other than me is doing this :Ddd

treanglex

Hello Brother, let me ask you something because I'm confused. I know about finding a redirect param and testing for open redirect. In your case, you found out there is a redirect at sign in/out. But you redirect with ? without using any param. How are they different? I only know the simple way ? works in open redirect.

NyanYeLwin-fvut

So you made 2 accounts and hacked him through the parameter, like CSRF or IDOR but in another way?

mango

It would be nice to zoom in, especially on the URL area, while making these vids.

aleksjagger

Bro, is there money in open redirects, or do they come back as informative? How can I search for the paid ones on HackerOne?

saglamairdropstrongairdrop

I reported the same issue but they closed it as informative :(

hunterone