Showing posts from January, 2019

A Tricky Open Redirect

Hello Friends,
Today I'm going to share one of my coolest findings: how I found an Open Redirect vulnerability on a private Bugcrowd program.

Open Redirect:
Open redirect is a flaw in an application or web page that takes a URL from user-controlled input (typically a parameter such as next, returnUrl or redirect_uri) and sends the browser there without checking that the destination belongs to the site itself. Because the redirect starts from a trusted domain, an attacker can use it to bounce victims to a page they control, which makes phishing links look legitimate and can leak tokens carried in the URL.

How I found Open Redirect vulnerability?
In my free time I was looking for bugs when I received an invitation on Bugcrowd.
I visited the site and registered an account there.
I can't disclose the website name, so let’s assume

So, I found this normal login endpoint, i.e.

Next, I tried some open redirect payloads in the next parameter, i.e. nextUrl= or nextUrl=// and others, but nothing worked.
I randomly put after the next parameter
and after login, the site redirects …
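The write-up above shows the attack side; the check below is the defence a login endpoint should apply to its next parameter. It is an added example, not code from the original post or from the undisclosed site, and SITE_ORIGIN, the probe strings and the parameter name are assumptions. It goes a little beyond the post's two payloads by covering the usual bypass shapes (backslash, userinfo, lookalike host, javascript: scheme) and one pitfall of the fix itself.

```javascript
// Added example (not code from the original post): validating a post-login
// "next" parameter so the redirect can never leave the site. SITE_ORIGIN and
// the probe inputs are assumptions; the real site is undisclosed.
const SITE_ORIGIN = "https://example.com";

// Returns an absolute same-site URL to redirect to, or `fallback` when the
// supplied value would send the browser anywhere else.
function safeRedirectTarget(nextUrl, fallback = "/") {
  if (typeof nextUrl !== "string") return fallback;
  const candidate = nextUrl.trim();
  if (candidate === "") return fallback;

  // Reject inputs a browser reads as scheme-relative before we even parse:
  // "//evil", "/\evil", "\\evil". Also reject embedded control characters,
  // which the URL parser would otherwise silently strip ("/\t/evil" -> "//evil").
  if (/^[\\\/]{2}/.test(candidate) || /[\x00-\x1f\x7f\s]/.test(candidate)) {
    return fallback;
  }

  // Resolve relative to our own origin with the WHATWG parser (the algorithm
  // browsers use), then compare origins instead of string prefixes.
  let parsed;
  try {
    parsed = new URL(candidate, SITE_ORIGIN);
  } catch (_) {
    return fallback;
  }
  // Covers https://evil, https://example.com@evil, https://example.com.evil
  // and javascript:/data: (whose origin is the string "null").
  if (parsed.origin !== SITE_ORIGIN) return fallback;

  // Return the absolute form. Returning parsed.pathname would reopen the hole:
  // "https://example.com//evil.example" is same-origin but its pathname is
  // "//evil.example", which a Location header turns back into an off-site jump.
  return parsed.href;
}

// Probe strings of the kind tried in the write-up plus common bypass shapes
// (constructed inputs, not requests from the original finding).
const PROBES = [
  "",
  "//",
  "//evil.example/phish",
  "https://evil.example",
  "/\\evil.example",
  "https://example.com@evil.example/",
  "https://example.com.evil.example/",
  "javascript:alert(1)",
  "/dashboard?tab=1",
  "https://example.com//evil.example",
];

function runProbes() {
  return PROBES.map((p) => [p, safeRedirectTarget(p)]);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [input, out] of runProbes()) {
    console.log(JSON.stringify(input), "->", out);
  }
}
```

The origin comparison is what does the work; prefix checks such as startsWith("/") are exactly what the "//" and "/\" payloads in the post are designed to slip past. If the application only ever redirects to a handful of pages, an allow-list of path names is simpler still and avoids URL parsing entirely.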

Tabnapping Vulnerability in Edge Browser [Unpatched]

Hello Friends,

Recently, I found a bug in the Edge browser that lets an attacker perform a tabnabbing (often written "tabnapping") attack, because the browser doesn't support the rel="noopener" link attribute. A page opened with target="_blank" therefore keeps a reference to the opening tab through window.opener and can navigate that tab to a phishing page behind the user's back.

If you don't know about tabnabbing or tabnapping, visit this


Open the Edge browser and visit this URL


To prevent this, developers should put rel="noopener noreferrer" on every link that opens with target="_blank" (the full value recommended here is rel="nofollow noopener noreferrer"). noopener severs window.opener in browsers that implement it, and noreferrer does the same in browsers that don't, which is why the pair together covers Edge; nofollow is only a crawler hint and has no effect on window.opener.
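The attack and the fix described above, as an added example that is not code from the original post. It models the victim tab and the browser's rel handling as plain objects so it runs under Node; the assumption that legacy Edge honours noreferrer but ignores noopener is taken from the post's observation and is marked as such in the code. hardenAnchor() is written so it also works on real anchor elements in a page.

```javascript
// Added example (not code from the original post): a minimal model of reverse
// tabnabbing and of the rel-attribute hardening that stops it.

// Attacker side. On the page opened via target="_blank" this is the whole
// attack: if window.opener is still reachable, navigate the ORIGINAL tab to a
// phishing page while the victim is looking at the new one. Assigning
// opener.location is permitted cross-origin. In a real page `win` is `window`.
function tabnab(win, phishingUrl) {
  if (!win.opener) return false;       // opener severed: nothing to redirect
  win.opener.location = phishingUrl;
  return true;
}

// Victim side: make every _blank link carry both tokens. noopener severs the
// opener in browsers that implement it; noreferrer does the same in those that
// don't, at the cost of also dropping the Referer header.
function hardenAnchor(a) {
  if ((a.target || "").toLowerCase() !== "_blank") return a;
  const tokens = new Set((a.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add("noopener");
  tokens.add("noreferrer");
  a.rel = Array.from(tokens).join(" ");
  return a;
}

// Which rel tokens each browser honours when deciding to null window.opener.
// ASSUMPTION for illustration: the legacy (EdgeHTML) profile honours
// noreferrer but not noopener, matching the post's observation; verify
// against the browser you actually target.
const OPENER_SEVERING_TOKENS = {
  modern: ["noopener", "noreferrer"],
  edgeLegacy: ["noreferrer"],
};

// Simulate the victim clicking `anchor` in `browser`: returns the window
// object the newly opened page would see.
function simulateOpen(anchor, browser, openerWin) {
  const honoured = OPENER_SEVERING_TOKENS[browser];
  const tokens = (anchor.rel || "").toLowerCase().split(/\s+/);
  const severed = tokens.some((t) => honoured.includes(t));
  return { opener: severed ? null : openerWin };
}

// Walk the scenario end to end; returns the URL the victim tab ends up on.
function scenario(browser, rel, harden) {
  const victimTab = { location: "https://bank.example/account" }; // constructed
  const link = { href: "https://attacker.example/", target: "_blank", rel };
  if (harden) hardenAnchor(link);
  const newTab = simulateOpen(link, browser, victimTab);
  tabnab(newTab, "https://attacker.example/fake-login");
  return victimTab.location;
}

console.log("edgeLegacy, rel=noopener only:", scenario("edgeLegacy", "noopener", false));
console.log("edgeLegacy, hardened         :", scenario("edgeLegacy", "noopener", true));
console.log("modern, rel=noopener only    :", scenario("modern", "noopener", false));
```

In a real page, document.querySelectorAll('a[target="_blank"]').forEach(hardenAnchor) applies the fix to existing markup. Links opened from script need the same care: pass "noopener" in the third argument of window.open, or set opener = null on the handle it returns before the new page can run.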

I hope Microsoft will fix this bug and others in the future.