I was trying to find a good program to hunt on Hackerone. Then, I found a program. let's call it example.com. I was testing every link and functionality of the website. Suddenly, I got some idea in my mind to hunt for the open redirect.
I was testing every functionality which redirects me to the login page of that website. After a lot of manual work, The website has a deals page, To activate the deal user should be logged in. Then I tried to click on the login button. It redirects me to the login page example.com/login?param=/deals something like that. It has a redirect parameter that redirects me to that page when I successfully log in.
I tried with different open redirect payloads and bypassing mechanisms. You can get Open Redirect cheatsheet from https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html. After some modification and lots of trying… Boom! I found the open redirect vulnerability.
Immediately I reported the Vulnerability to the Security team of the website. After 3 weeks I received a response from their team as they accepted my report and they will provide me a bounty for my finding. I received my bounty reward from the company after a week.
Thank you so much for reading my post