Posts

Showing posts from January, 2019

A Tricky Open Redirect

Hello Friends, today I'm gonna share one of my coolest findings: how I found an Open-Redirect vulnerability on a private site of Bugcrowd.

Open Redirect: Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. Open redirect occurs when a web page is being redirected to another URL in another domain via a user-controlled input.

How I found Open Redirect vulnerability?

In my free time, I was looking for bugs and at the same time, I received an invitation on Bugcrowd. I visited the site and registered an account on that site. I can't disclose the website name, so let's assume https://redacted.com

So, I found this normal login endpoint, i.e. https://redacted.com/login?nextUrl=url

Next, I tried some open redirect payloads on the next parameter, i.e. nextUrl=http://evil.com or nextUrl=//evil.com and others, but nothing worked. I randomly put evil.com after the next parameter, i.e. https://redacted.c

Tabnapping Vulnerability in Edge Browser [Unpatched]

Hello Friends, recently I found a bug in Edge browser which allows hackers to perform a TabNapping attack because the browser doesn't support rel="noopener" tag. If you don't know about tabnabbing or tabnapping, then visit this: https://www.hackerinside.me/2018/09/what-is-tabnabbing-and-tabnapping.html

PoC:

1. Open Edge browser and visit this post [ https://www.hackerinside.me/2019/01/tabnapping-vulnerability-in-edge.html ]
2. Next, click on the link given below [ https://whitehatpentesting.000webhostapp.com/tabnabbing.html ]
3. Your previous tab will be redirected to evil.com, which proves the vulnerability.

You can also check this on Chrome and Firefox.

Prevention: To prevent this, developers should use the complete attribute value, i.e. rel="nofollow noopener noreferrer".

Hope Microsoft will fix this bug and other bugs in the future.