Open Redirect to XSS

Abhishek

Nov 23, 2019

This blog was originally published here by Abhishek

As I was browsing the website, I found a redirect parameter at the login page.

So I decided to try some common open redirect payloads:

google.com
//http:google.com
//google.com
google.com//google.com

The list is quite long. You can check them out here and here. After some fuzzing, one of the payloads, http://;@google.com, redirected me when I logged in.

Next, to see if it was vulnerable to XSS, I inserted javascript:alert(1) and got a pop-up.
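The two findings above come from the same weak check on the redirect parameter: a host filter that can be fooled by userinfo (http://;@google.com) and that never restricts the scheme (javascript:). The validator below is an added example, not code from the post or the affected site; it assumes a hypothetical allowed host example.com and runs the post's payloads through the check.

```python
from urllib.parse import urlsplit

# Constructed for this example: the only external host the app may redirect to.
ALLOWED_HOSTS = frozenset({"example.com"})

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site path or an http(s) URL to an allowed host."""
    # Browsers and urllib disagree on control characters and whitespace,
    # so reject them outright instead of trying to normalise.
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    parts = urlsplit(target)          # urlsplit lowercases the scheme
    scheme = parts.scheme
    if parts.netloc or scheme in ("http", "https"):
        # Absolute or scheme-relative ("//host") URL: only http(s),
        # no userinfo, and the host must be on the allowlist.
        if scheme not in ("", "http", "https"):
            return False
        if "@" in parts.netloc:       # http://;@google.com puts the real host after '@'
            return False
        host = parts.hostname         # lowercased, port removed; None if missing
        return host is not None and host in allowed_hosts
    if scheme:                        # javascript:, data:, vbscript: ...
        return False
    # Relative target: exactly one leading slash. "//" and "/\" are treated
    # as scheme-relative URLs by browsers and would leave the site.
    return parts.path.startswith("/") and not parts.path.startswith(("//", "/\\"))

# Constructed inputs: the payloads from the post plus two legitimate targets.
PAYLOADS = [
    "google.com", "//http:google.com", "//google.com", "google.com//google.com",
    "http://;@google.com", "javascript:alert(1)",
    "/account", "https://example.com/account",
]

def check_all(targets=PAYLOADS):
    """Map each candidate redirect target to the validator's verdict."""
    return {t: is_safe_redirect(t) for t in targets}

if __name__ == "__main__":
    for target, ok in check_all().items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {target}")
```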

I reported it and they fixed it within 3 days and rewarded me $300.

Pretty easy find, hope you learned something. If you liked it then please share.

Follow me on X — https://x.com/abhishekY495

Thank You.😁
