Showing posts from January, 2019

A Tricky Open Redirect

Hello Friends,
Today, I'm gonna share one of my coolest findings: how I found an Open Redirect vulnerability on a private site on Bugcrowd.

Open Redirect:
An open redirect is a security flaw in an app or web page that fails to properly validate the URLs it redirects to. It occurs when the page redirects the user to a URL on another domain that comes from user-controlled input.

How I found the Open Redirect vulnerability
In my free time, I was looking for bugs, and at the same time I received an invitation on Bugcrowd.
I visited the site and registered an account there.
I can't disclose the website name, so let's assume

So, I found this normal login endpoint, i.e.

Next, I tried some open redirect payloads on the next parameter, i.e. nextUrl= or nextUrl=// and others, but nothing worked.
I randomly put after the next parameter
and after login, the site redirects …
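A server-side check for a next-style redirect parameter, as an added example that is not part of the original post. The site origin is a placeholder for the undisclosed site; the parameter name follows the post's nextUrl, and the check covers the nextUrl=// case the post tried plus the backslash and tab variants browsers normalise into it.

```javascript
// Added example, not from the original post. The origin is a placeholder for
// the undisclosed site; the parameter name follows the post's "nextUrl".
const SITE_ORIGIN = "https://example.com";

// Returns an absolute URL that stays on siteOrigin, or null when the value
// would send the user elsewhere (the open redirect the post describes).
function safeRedirectTarget(nextUrl, siteOrigin = SITE_ORIGIN) {
  if (typeof nextUrl !== "string" || nextUrl === "") return null;
  // Mirror what browsers do before parsing: ASCII tabs and newlines are
  // removed outright, and "\" behaves like "/" in http(s) URLs. Doing this
  // first makes the "//" check below see "/\evil.com" and "/\t/evil.com"
  // as the protocol-relative URLs they really are.
  const normalised = nextUrl.replace(/[\t\n\r]/g, "").replace(/\\/g, "/");
  // Accept only a site-relative path: one leading "/" and no "//" prefix.
  // This also rejects absolute URLs and anything carrying a scheme.
  if (!normalised.startsWith("/") || normalised.startsWith("//")) return null;
  let resolved;
  try {
    resolved = new URL(normalised, siteOrigin); // WHATWG URL API
  } catch (e) {
    return null; // unparsable input is never a valid redirect target
  }
  // Defence in depth: whatever the parser made of it must still be our origin.
  if (resolved.origin !== new URL(siteOrigin).origin) return null;
  // Re-emit a canonical target; this drops any fragment the input had.
  return resolved.origin + resolved.pathname + resolved.search;
}
```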

Tabnapping Vulnerability in Edge Browser [Unpatched]

Hello Friends,

Recently, I found a bug in the Edge browser which allows attackers to perform a tabnabbing attack, because the browser doesn't support the rel="noopener" attribute.

If you don't know about tabnabbing (or tabnapping), then visit this


Open the Edge browser and visit this post.
Next, click on the link given below.
Your previous tab will be redirected to which proves the vulnerability.

You can also check this on Chrome and Firefox.


To prevent this, developers should use the complete attribute, i.e. rel="nofollow noopener noreferrer".

I hope Microsoft will fix this bug and other bugs in the future.