Nyein Chan Aung
Dec 30, 2021

How I found an open redirect vulnerability easily

For noob beginners like me

When I tried to access https://lotaya.mpt.com.mm with my account,

I saw a login page with a vulnerable URL:
https://auth.mpt.com.mm/oauth/login/form?redirect=https%3A%2F%2Fmpt4uclp.mpt.com.mm%2F%23%2Flogin&lang=mm

Then I put "////evil.com" in place of "https://mpt4uclp.mpt.com.mm" and refreshed the page, but it did not work. Then I viewed the source code.

I found
<input type="hidden" name="redirect" value="////evil.com">

They post the redirect value with a hidden input tag.
So I logged in to my account.

Boom! Redirected to evil.com
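
A server-side check that would refuse this value, as an added example (not code from this post or from the site). AUTH_ORIGIN, ALLOWED_HOSTS, FALLBACK and the function names are assumptions built from the hosts in the URL above; the "starts with /" check is a hypothetical weak filter shown for contrast.

```javascript
// Added example: validate the post-login "redirect" value before using it.
// Hosts below are assumptions taken from the login URL shown in the post.
const AUTH_ORIGIN = "https://auth.mpt.com.mm";
const ALLOWED_HOSTS = new Set(["mpt4uclp.mpt.com.mm"]);
const FALLBACK = "https://mpt4uclp.mpt.com.mm/#/login";

// Where a browser ends up when told to go to `target` from the auth page.
// The URL parser skips extra slashes, so "////evil.com" is read as a host.
function browserDestination(target) {
  return new URL(target, AUTH_ORIGIN).hostname;
}

// Hypothetical weak filter: "it starts with a slash, so it must be a local path".
function naiveIsLocal(target) {
  return target.startsWith("/");
}

// Hardened check: parse the value the same way the browser will, then
// compare the resulting scheme and host against an explicit allowlist.
function safeRedirect(target) {
  if (typeof target !== "string") return FALLBACK;
  let url;
  try {
    url = new URL(target, AUTH_ORIGIN);
  } catch {
    return FALLBACK; // unparseable value
  }
  if (url.protocol !== "https:") return FALLBACK;      // no http:, javascript:, data:
  if (url.username || url.password) return FALLBACK;   // no user:pass@host forms
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;
  return url.href; // send the normalized URL, not the raw input
}

// Constructed sample inputs: the value from the post and the original value.
for (const value of ["////evil.com", "https://mpt4uclp.mpt.com.mm/#/login"]) {
  console.log(JSON.stringify(value),
    "| browser host:", browserDestination(value),
    "| naive check passes:", naiveIsLocal(value),
    "| safeRedirect ->", safeRedirect(value));
}
```

The same check has to run on the value that arrives in the login POST (the hidden input), not only on the query string of the login page.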

Happy Hacking :)
#justforknowledge

#openredirect
#bugbountytips