Open Redirect Protection Bypass
X (Formerly Twitter)
Reported by
avinash_
Vulnerability Details
Technical details and impact analysis
Hi
Report #281538 is fixed, but an attacker can bypass this open redirect protection.
Give this link `https://twitter.com/teams/authorize?target_screen_name=&authorize_callback=//www.facebook.com` to an authorized victim. Twitter will ask him to authorize a different account to create a team. After authorization, the victim will be redirected to `www.facebook.com`.
Vulnerable point: `//www.facebook.com` (you can use `//www.example.com`).
Open Redirection Protection Bypassed.
PoC video attached
With Best Regards
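
The `//www.facebook.com` value in the report is a scheme-relative URL: it begins with `/`, so a check that only looks for a leading slash accepts it, yet a browser resolves it to another host. The following is an added example, not part of the original report and not Twitter's code; `SITE_ORIGIN`, the function names and the sample values are assumptions, and the weak check is a guess at the class of filter being bypassed. It resolves the callback the way a browser would and compares origins:

```javascript
// Added example. SITE_ORIGIN and all sample values are constructed for illustration.
const SITE_ORIGIN = "https://twitter.com";

// Weak check (assumed shape): anything starting with "/" is treated as a local path.
function naiveIsLocal(target) {
  return typeof target === "string" && target.startsWith("/");
}

// Hardened check: parse with the WHATWG URL parser (same rules browsers apply),
// resolve against our own origin, and accept only same-origin results.
function safeRedirectTarget(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;
  let resolved;
  try {
    resolved = new URL(target, SITE_ORIGIN);
  } catch {
    return fallback; // unparseable input never reaches the Location header
  }
  if (resolved.origin !== SITE_ORIGIN) return fallback;
  // Return the normalized path, not the raw input, so the value sent to the
  // browser is exactly what was validated.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed callback values covering the report's case and close variants.
const samples = [
  "/settings/teams?x=1",                   // genuine local path
  "//www.facebook.com",                    // scheme-relative URL from the report
  "/\\www.example.com",                    // backslash is treated as "/" by browsers
  "/\t/www.example.com",                   // tabs/newlines are stripped before parsing
  "https://twitter.com@www.example.com/",  // userinfo trick: real host is example.com
];

function demo() {
  return samples.map((s) => ({
    input: s,
    naive: naiveIsLocal(s),
    hardened: safeRedirectTarget(s),
  }));
}

console.table(demo());
```

Every off-site sample passes the leading-slash check except the userinfo variant, while the origin comparison sends all of them to the fallback path.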
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Open Redirect