
Open Redirect Real World Severity | Maloy Roy Orko


Bug Bounty Facts: 

Don't even think about a bounty if you believe that finding an open redirect on its own can make money.

To make money, you have to be able to chain it with other attacks, like Open Redirect to XSS.

By itself, this is a security risk, not a vulnerability.

Why don't they care about your finding?

(1) Security systems like Linkshim

(Linkshim basically blocks phishing or malicious websites based on their content: it checks the destination website first and only then redirects.)

(2) Strict CSP policies (to block XSS)

(3) Firewalls


Scenario 1:

Since the security configurations above block the attacks, why would they consider it a vulnerability?

Scenario 2:

There is no data dump, unauthorized access, or modification issue here.

The whole thing is: users will fall for phishing and browser hijacking because of this!

That's the users' problem, not the site owners', as there is no flaw in their system.

This was just a redirection system.
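Whatever severity a program assigns, the application-side fix is the same: never redirect to a user-supplied target unless it passes a strict allowlist check. The following is an added example, not code from this post, showing such a check in Python. It assumes a hypothetical ALLOWED_HOSTS allowlist (constructed for the example) and rejects the classic ways a redirect parameter is abused, including the javascript: scheme that turns an open redirect into the XSS chain mentioned above.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only hosts the app may redirect to.
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if `target` is a same-site absolute path or an
    absolute http(s) URL whose host is on the allowlist."""
    if not target:
        return False
    target = target.strip()
    # Embedded tabs/newlines/control characters are silently dropped by
    # browsers and some parsers, so "https://example.com\t.evil.net" can
    # fool a naive substring check; refuse them outright.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in target):
        return False
    # Browsers treat a backslash as a slash in http(s) URLs, so "/\evil.net"
    # is really "//evil.net"; normalize before parsing.
    normalized = target.replace("\\", "/")
    try:
        parts = urlsplit(normalized)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # blocks javascript:, data:, vbscript:, ...
    if parts.netloc:
        # .hostname drops userinfo ("trusted@evil") and the port, and
        # lowercases, so "https://example.com@evil.net" yields "evil.net".
        host = parts.hostname
        return host is not None and host in allowed_hosts
    # No host present: accept only an absolute path with one leading slash.
    # A protocol-relative "//host" lands in netloc above, but keep the
    # guard explicit so a future refactor cannot reintroduce it.
    return normalized.startswith("/") and not normalized.startswith("//")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """Handler-side helper: use `target` if it passes the check, otherwise
    fall back to a fixed same-site location."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    # Constructed sample inputs a login handler's ?next= parameter might receive.
    for candidate in ["/account/settings", "//evil.example.net/",
                      "/\\evil.example.net", "javascript:alert(1)",
                      "https://example.com@evil.example.net/"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

The design choice worth noting is that the allowlist compares the parsed hostname, not a prefix or substring of the raw string; prefix checks are exactly what the `@`, `.evil.net` suffix and `/\` variants are built to slip past. For most login flows an even simpler rule works: accept only relative paths and drop the host allowlist entirely.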