Open Redirect On

Description : 

Open redirects and forwards are possible when a web application accepts untrusted
input that could cause the web application to redirect the request to a URL contained within untrusted
input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a
phishing scam and steal user credentials. Because the server name in the modified link is identical to the
original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and
forward attacks can also be used to maliciously craft a URL that would pass the application’s access
control check and then forward the attacker to privileged functions that they would normally not be
able to access.
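
One way to validate a redirect target before the application issues the redirect, for instance the destination a user is sent to after login. This is an added example, not code from the original write-up or from the affected site; the function name `safe_redirect_target`, the host `app.example` and the sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed configuration (placeholder host, not taken from the write-up).
ALLOWED_HOSTS = {"app.example"}
DEFAULT_TARGET = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `target` only if it keeps the user on an allowed host."""
    if not target or target != target.strip():
        return default
    # Browsers treat "\" as "/" and drop tabs and newlines inside URLs, so
    # reject those characters outright instead of trying to normalise them.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname  # excludes userinfo and port, lowercased
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted on this site.
        # "//host" and "///host" are scheme-relative and can leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme not in ("http", "https"):
        return default
    return target if host in allowed_hosts else default


if __name__ == "__main__":
    # Constructed sample inputs for illustration.
    samples = [
        "/dashboard?tab=1",
        "https://app.example/profile",
        "https://untrusted.example/login",
        "//untrusted.example/login",
        "https://app.example@untrusted.example/",
        "/\\untrusted.example",
        "javascript:void(0)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```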

Impact :

A user can be forced from the Codepolitan website to an untrusted website.

Location of bug :

Payload :

Reproduce :

1. Open
2. Log in, and you will be redirected to

Conclusion : 

An open redirect puts users at risk because it can force them onto an untrusted website
(scam/phishing) without their knowledge.

Video : 

Note :

The Codepolitan crew is very fast at patching the bug, and they will also give me swag and add my name to their hall of fame, yay!

Credit :