How I got my first bounty. (Open Redirect)

On September 16, I was searching for a bug in a certain website; let’s call it “buggyweb.com”. I was clicking and visiting every link available on the site.
After playing around for some time I had gathered some information about it, so I decided to test for open redirect on that website.

I was looking in the URL for parameters like “url”, “path”, “redirect”, etc. After some time I was on the payment page of that website, which looked like this:
“buggyweb.com/order/checkout.php?redirect=0/shopurl=buggyweb.com/someting”

At first, I tried to change the “shopurl” but I was out of luck. So I encoded the URL and tried again, but no luck. After some time I noticed that there was a redirect parameter in the URL, so I changed the value of the redirect parameter to 1, hoping for success, but no luck. So I tried again and changed the redirect parameter value to true and BOOM! This was a success.

This was my first bug, so I got excited and wanted to report it immediately. I recorded a video and mailed them. After some time I got a mail saying that it was valid, and I was awarded a bounty.

Thank you so much for reading this. This is my first blog, so deal with my mistakes.
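For readers on the fixing side, here is a sketch of how a checkout handler could validate a redirect target such as “shopurl” before using it, whatever the redirect flag says. It is an added example, not code from the original post or from the site; `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are assumed names.

```python
from urllib.parse import urlsplit

# Assumptions (not from the original post): the hosts the checkout flow may
# return a shopper to, and the page used when a target is rejected.
ALLOWED_HOSTS = {"buggyweb.com", "www.buggyweb.com"}
FALLBACK = "https://buggyweb.com/"


def safe_redirect_target(raw):
    """Return a same-site URL or local path for `raw`, or FALLBACK if rejected."""
    # Browsers treat "\" as "/" and drop tabs/newlines, so refuse them outright.
    if not raw or any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in raw):
        return FALLBACK
    # A single leading slash is a path on this site; "//host" is not.
    if raw.startswith("/") and not raw.startswith("//"):
        return raw
    # The post's shopurl value has no scheme, so add one before parsing.
    if raw.startswith("//"):
        candidate = "https:" + raw
    elif "://" in raw:
        candidate = raw
    else:
        candidate = "https://" + raw
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:
        return FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # Userinfo ("trusted@other-host") hides the real host from a casual reader.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    if host not in ALLOWED_HOSTS:
        return FALLBACK
    return candidate


if __name__ == "__main__":
    # Constructed sample values, not taken from the real site.
    for value in ["buggyweb.com/someting", "/order/done", "//other.example/x",
                  "https://buggyweb.com@other.example/",
                  "https://buggyweb.com.other.example/", "javascript:void(0)"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)}")
```

Anything that does not parse to an allowed host falls back to the home page instead of being followed, so a changed flag value alone cannot send a shopper off-site.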
