Open Redirect In Flock | My First Swag pack

Hello Every one,



This  post is about an Open Redirect that i found in Flock.co back in 2016



So back then, in 2016  I started finding bugs in various sites
and all I was getting was duplicate, wont'fix,Thanks and few Hall of Fame  :(

One day one of my friend posted about goodies that he has got from Flock



So i started looking for bugs on it 


Got one reflected XSS that turned out to be a out of scope site :3
And one open redirect that got valid :D
That got me my first swag pack :D




Wait a sec ? you didn't came here to read my story :v


Technical part :

This was there login system

1) User enters login credentials
2)  It gets validated
3) They Redirect to dashboard


This what the redirect url looked liked

https://auth.flock.co/login?auth_token=xyz&platform=BROWSER&redirect_uri=https%3A%2F%2Fflock.co


So i changed the redirect_uri parameter value to google.com and it worked ^_^




             


That's how i got my First Goodie pack.


Thanks

Comments

Post a Comment

Popular posts from this blog

Exploiting CORS Miss configuration using XSS

XSS Because of wrong Content-type Header