Sourav Sahana


Sourav Sahana Uncategorized Bypass Open Redirect Protection

Bypass Open Redirect Protection

Hello Hunters, Hope you all are hunting well ! If you are learning from my write-ups and like my post please follow me on social media.

This issue I found because of little of my luck. 2-4 months ago I was searching a perfect program for me in HackerOne and suddenly I got a notification from a private program that a new scope has been added. Immediately I went to that program page and read all details.

When I get this type of new target I always use wayback machine to fetch public endpoints. As always found a login endpoint: , And guess what? Open Redirect was in scope issue.

But wait…! I tried to change the r parameter with an external domain like:, //,,,, etc. But nothing happened ! It simply redirecting to the main domain.

I noticed another thing, If I use a sub-domain of the target domain in r parameter like: , It redirecting me to

So I used this payload: . And it’s redirecting me to Bypassed !

Basically application was checking that if r parameter has the keyword: or not. If yes then redirect accept and if not then stay in the current domain.

Thanks for reading this post. Stay happy and be safe !..

Leave a Reply

Your email address will not be published. Required fields are marked *

TopBack to Top