Open redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access.
Forcing a user to an untrusted website from the Codepolitan website

Location of bug:
1. Open https://www.codepolitan.com/users/login?callback=http://attacker.com
2. Login, and you will be redirected to evil.com

An open redirect makes users unsafe because it forces them to an untrusted website (scam/phishing) without the user knowing.
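The fix for a `callback`-style parameter is to treat it as untrusted and only honour targets that stay on the site. As an added example (not code from this report or from Codepolitan), the Python below implements such an allow-list check and a resolver that falls back to a fixed landing page when the target is rejected. It assumes the site's own hostnames are `www.codepolitan.com` and `codepolitan.com` and that `/` is the fallback; the function names and the sample callbacks are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# Assumptions for this example: the hosts a post-login redirect may land on,
# the base URL used to resolve relative targets, and the fallback page.
ALLOWED_HOSTS = {"www.codepolitan.com", "codepolitan.com"}
SITE_BASE = "https://www.codepolitan.com/"
DEFAULT_AFTER_LOGIN = "/"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a relative path on this site or an
    absolute http(s) URL whose host is on the allow-list."""
    if not target:
        return False
    # Whitespace and control characters are stripped or ignored by browser
    # URL parsers, which makes them a classic way to smuggle a foreign host.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    # Browsers treat a backslash like a forward slash in the authority part,
    # so "/\attacker.example" is really "//attacker.example". Normalise first.
    target = target.replace("\\", "/")
    # Two or more leading slashes is a protocol-relative URL: the browser
    # skips the slashes and reads the next segment as a hostname.
    if re.match(r"^/{2,}", target):
        return False
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Plain relative path such as "/dashboard": stays on this origin.
        return True
    if parts.scheme.lower() not in ("http", "https"):
        # javascript:, data:, or an unknown scheme is never an acceptable target.
        return False
    # `hostname` drops userinfo and port, so "https://www.codepolitan.com@evil"
    # is judged by the real host ("evil"), not the decoy before the "@".
    return parts.hostname is not None and parts.hostname.lower() in allowed_hosts


def resolve_redirect(target: str, default: str = DEFAULT_AFTER_LOGIN) -> str:
    """Absolute URL to send in the Location header after login: the requested
    target if it passes the allow-list, otherwise the fixed fallback page."""
    if not is_safe_redirect(target):
        return default
    return urljoin(SITE_BASE, target)


# Constructed sample callbacks a login handler might receive, with the
# decision the check makes for each.
SAMPLE_CALLBACKS = [
    "/dashboard",                                   # relative path: allowed
    "https://www.codepolitan.com/profile",          # same site: allowed
    "http://attacker.example",                      # foreign host: rejected
    "//attacker.example/",                          # protocol-relative: rejected
    "/\\attacker.example",                          # backslash trick: rejected
    "https://www.codepolitan.com@attacker.example", # userinfo decoy: rejected
    "javascript:alert(1)",                          # non-http scheme: rejected
]


def review_samples():
    """Map each sample callback to the URL the handler would redirect to."""
    return {cb: resolve_redirect(cb) for cb in SAMPLE_CALLBACKS}


if __name__ == "__main__":
    for cb, dest in review_samples().items():
        print(f"{cb!r:50} -> {dest}")
```

Comparing the incoming parameter against a host allow-list (rather than checking that it merely starts with the site's name or contains it as a substring) is what closes the prefix and `@` tricks; mapping every failure to a fixed page rather than an error keeps the login flow working for legitimate callers.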
The Codepolitan crew was very fast to patch the bug, and they will also give me the SWAG and add my name to their hall of fame, yay!