Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com
Low
X (Formerly Twitter)
Team Summary
Official summary from X (Formerly Twitter)
This report details an open redirect issue that enabled crafting potentially malicious URLs which could be used to redirect users to a site specified in a URL parameter of the URL creator's choosing. This may allow an attacker to exploit a user's trust by leveraging open redirect on the affected subdomains (flightschool.twitter.com and takeflight.twitter.com) to launch phishing scams by masquerading as the legitimate websites.
Reported by
nagli
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Open Redirect
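
A server-side check for the `destination_url` parameter that closes this class of redirect, added here as an illustration and not taken from the report or from X's code. The allowlist contents (the two hosts named in the summary), the fallback path and the function name `safe_destination` are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only external hosts this endpoint may redirect to.
ALLOWED_HOSTS = {"flightschool.twitter.com", "takeflight.twitter.com"}
FALLBACK = "/"  # assumed safe landing page when the target is rejected


def safe_destination(destination_url: str) -> str:
    """Return destination_url only if it is a same-site path or an https URL
    on an allowlisted host; otherwise return FALLBACK."""
    if not destination_url:
        return FALLBACK
    # Browsers treat "\" like "/" and drop tabs/newlines while parsing, so a
    # value containing them can parse differently here than in the client.
    if any(ord(c) <= 0x20 or c in "\\\x7f" for c in destination_url):
        return FALLBACK
    try:
        parts = urlsplit(destination_url)
    except ValueError:  # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative target: accept a single leading "/" only; "//host" and
        # "///host" are handled by browsers as scheme-relative URLs.
        if destination_url.startswith("/") and not destination_url.startswith("//"):
            return destination_url
        return FALLBACK
    if parts.scheme != "https":  # rejects javascript:, data:, http:, "//host"
        return FALLBACK
    if parts.username is not None or parts.password is not None:
        return FALLBACK  # "https://trusted@evil.example/" style userinfo
    host = (parts.hostname or "").lower()  # hostname excludes port/userinfo
    return destination_url if host in ALLOWED_HOSTS else FALLBACK


if __name__ == "__main__":
    # Constructed sample inputs, not values from the report.
    for sample in (
        "/courses/intro?step=2",
        "https://flightschool.twitter.com/start",
        "https://evil.com",
        "//evil.com",
        "/\\evil.com",
        "https://flightschool.twitter.com@evil.com/",
        "https://flightschool.twitter.com.evil.com/",
        "javascript:alert(1)",
    ):
        print(f"{sample!r:50} -> {safe_destination(sample)!r}")
```

The comparison is an exact match on the parsed hostname, which is why the suffix and userinfo look-alikes fall through to the fallback instead of passing a substring or prefix test.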