Open Redirect In Flock | My First Swag pack

Hello Every one,



This  post is about an Open Redirect that i found in Flock.co back in 2016



So back then, in 2016  I started finding bugs in various sites
and all I was getting was duplicate, wont'fix,Thanks and few Hall of Fame  :(

One day one of my friend posted about goodies that he has got from Flock



So i started looking for bugs on it 


Got one reflected XSS that turned out to be a out of scope site :3
And one open redirect that got valid :D
That got me my first swag pack :D




Wait a sec ? you didn't came here to read my story :v


Technical part :

This was there login system

1) User enters login credentials
2)  It gets validated
3) They Redirect to dashboard


This what the redirect url looked liked

 https://auth.flock.co/login?auth_token=xyz&platform=BROWSER&redirect_uri=https%3A%2F%2Fflock.co
So i changed the redirect_uri parameter value to google.com and it worked ^_^


             


That's how i got my First Goodie pack.


Thanks

Comments

Post a Comment

Popular posts from this blog

Exploiting CORS Misconfiguration using XSS

Image
Hello All, This Post is about how i exploited a Cross Origin Resource Sharing (CORS) Misconfiguration with the help of Cross Site Scripting (XSS) After reporting some bugs to Netgear Kudos program I started getting old private program invites on Bugcrowd One of which was with 300+ researchers and running from 2015 I wasn't happy about that, As i thought  I won't be able to find any thing as the program is running from such a long time and so many others have looked at it before me.  Even if i will get something the chances of that being duplicate is high. But then Osama said this So I finally started looking at it and trying my best to find something, Got one P3  but it went duplicate :( But then I got an endpoint that was having simple CORS misconfiguration and the endpoint was giving user details like email address , age , g ender , DOB , etc in response It was triaged, paid and fix within a week I was happy and was planing ...
Read more

XSS Because of wrong Content-type Header

Image
Hello All, XSS because of Wrong content type in InternShala.com Internshala : Internshala is an internship platform, this website helps students find internships with organisations in India - wiki While checking this site  I got an endpoint which didn't had CSRF protection. I can change the user details (name, address,etc) Not email :( One thing that was weird with that endpoint was that  it was giving  a JSON response But the content type header was not  :  application/javascript Rather it was set as :   text/html   I was fiddling with that as I knew if we can inject html then we can get XSS here  :D But they had filters so it was just HTML Injection -_- that isn't  cool to report  But there was another parameter   current_city_administrative_area_level_2   changing its value caused and error   Lets Build Payload  Problem no (1) White space was not allowed ...
Read more