On September 16, I was searching for a bug in a certain website let’s call it “buggyweb.com”. I was clicking and visiting every link available on the site.
After playing around for some time I have gathered some information about it. So I decided to test for open redirect on that website.
I was looking in the URL for the parameter like “url, path, redirect, etc”. After some time I was on the payment page of that website which looks like this
At first, I tried to change the “shopurl” but I was out of luck. So I tried to encode the URL and try again but no luck. After some time I notice that there was a redirect parameter in the URL, so I tried to change the value of the redirect parameter to 1and I was hoping I will get success but no luck. So I tried again and change the redirect parameter value to true and BOOM! this was a Success.
This was my first bug so I got excited so just want to report immediately. So I record the video and mail them after some time I got a mail saying that was valid and I was awarded a bounty.
Thank You so much for reading this. This is my first blog so deal with my mistakes.