As I was browsing the website, I found a redirect parameter at the login page.
So I decided to try some common open redirect payloads.
google.com //http:google.com //google.com google.com//google.com
The list is quite long. You can check them out here and here. After some fuzzing, one of the payloads, http://;@google.com, redirected me when I logged in.
Next, to see if it was vulnerable to XSS, I inserted javascript:alert(1) and I got a pop-up.
I reported it and they fixed it within 3 days and rewarded me $300.
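One way a redirect parameter like this can be validated before use, as an added example that is not part of the original post and not the affected site's actual fix. The names SITE_ORIGIN and safeRedirect and the origin https://app.example.test are assumptions made for illustration.

```javascript
// Added example: validate a post-login redirect target before using it.
// SITE_ORIGIN and safeRedirect are hypothetical names, not the site's code.
const SITE_ORIGIN = "https://app.example.test"; // constructed placeholder

function safeRedirect(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;

  let url;
  try {
    // Resolve the value the way a browser would, so it is judged by
    // where it actually leads rather than by how the string looks.
    url = new URL(target, SITE_ORIGIN);
  } catch {
    return fallback; // unparseable input
  }

  // Blocks javascript:, data: and every other non-web scheme.
  if (url.protocol !== "http:" && url.protocol !== "https:") return fallback;
  // Blocks absolute and scheme-relative URLs that point off-site,
  // including ones that hide the real host behind a userinfo part.
  if (url.origin !== SITE_ORIGIN) return fallback;
  // A same-origin URL can still normalise to a path that starts with
  // "//", which would be scheme-relative if emitted as a redirect.
  if (url.pathname.startsWith("//")) return fallback;

  // Emit only the local part; never echo the caller's raw string.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: the payloads quoted in the write-up,
// plus one legitimate local path for comparison.
const SAMPLES = [
  "google.com",
  "//http:google.com",
  "//google.com",
  "google.com//google.com",
  "http://;@google.com",
  "javascript:alert(1)",
  "/dashboard?tab=1",
];

function checkSamples() {
  return SAMPLES.map((t) => [t, safeRedirect(t)]);
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), "->", JSON.stringify(result));
}
```

Values without a scheme or leading slashes, such as google.com, resolve to a path on the site itself, so they come back as local paths rather than external redirects.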
Pretty easy find, hope you learned something. If you liked it then please share.
Follow me on X — https://x.com/abhishekY495
Thank You.😁

