Showing posts from July, 2017

Open Redirect In Flock | My First Swag pack

Hello everyone,

This post is about an open redirect that I found in Flock.co back in 2016.

So back then, in 2016, I started finding bugs in various sites and all I was getting was duplicate, won't fix, thanks and a few Hall of Fame :(

One day one of my friends posted about goodies that he had got from Flock, so I started looking for bugs on it. Got one reflected XSS that turned out to be an out-of-scope site :3 And one open redirect that got valid :D That got me my first swag pack :D

Wait a sec? You didn't come here to read my story :v

Technical part:

This was their login system:

1) User enters login credentials
2) It gets validated
3) They redirect to dashboard

This is what the redirect URL looked like:

https://auth.flock.co/login?auth_token=xyz&platform=BROWSER&redirect_uri=https%3A%2F%2Fflock.co

So I changed the redirect_uri parameter value to google.com and it worked ^_^ ...
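
A server-side check that would reject the changed redirect_uri value described above, as an added example that is not part of the original post and not Flock's code. The allowlist, the fallback URL and the function names are assumptions made for illustration.

```javascript
// Added example: validate redirect_uri before issuing the post-login redirect.
// ALLOWED_HOSTS and FALLBACK are assumed values, not taken from Flock.
const ALLOWED_HOSTS = new Set(["flock.co"]);
const FALLBACK = "https://flock.co/";

// Returns the normalized URL if it is an acceptable target, otherwise null.
function safeRedirectTarget(rawValue) {
  if (typeof rawValue !== "string" || rawValue.length === 0) return null;
  let target;
  try {
    // Parsed without a base URL on purpose: scheme-less values such as
    // "google.com" or "//google.com" throw instead of being resolved.
    target = new URL(rawValue);
  } catch {
    return null;
  }
  if (target.protocol !== "https:") return null;            // https only
  if (target.username || target.password) return null;      // no userinfo part
  if (target.port !== "") return null;                      // default port only
  // Exact match on the parsed hostname, never a substring or prefix test.
  if (!ALLOWED_HOSTS.has(target.hostname)) return null;
  return target.href;
}

// Extracts redirect_uri from a login URL and falls back to a fixed page
// whenever the parameter is missing or fails validation.
function redirectFromLoginUrl(loginUrl) {
  const value = new URL(loginUrl).searchParams.get("redirect_uri");
  return safeRedirectTarget(value) ?? FALLBACK;
}

// Constructed sample requests modelled on the URL shown in the post.
const BASE = "https://auth.flock.co/login?auth_token=xyz&platform=BROWSER";
const SAMPLES = [
  BASE + "&redirect_uri=https%3A%2F%2Fflock.co%2Fdashboard",    // kept
  BASE + "&redirect_uri=google.com",                            // rejected
  BASE + "&redirect_uri=https%3A%2F%2Fgoogle.com",              // rejected
  BASE + "&redirect_uri=https%3A%2F%2Fflock.co.example.net",    // rejected
  BASE,                                                         // no parameter
];

for (const sample of SAMPLES) {
  console.log(redirectFromLoginUrl(sample));
}
```
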