Open Redirect on Login Page of Stocky App
Medium
Vulnerability Details
The vulnerable app is Stocky.
1. Visit the login page of the app with the vulnerable parameter and a malicious website address (`?return_to=//evil.com`), like `https://stocky.shopifyapps.com/users/login?return_to=//evil.com`
2. Then log in to the account
3. The open redirect is executed
PoC Video:
{F1172071}
## Impact
Open Redirect
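
For defenders, the following added example (not part of the original report and not Stocky's code) shows why a prefix check on `return_to` lets the protocol-relative value `//evil.com` through, next to a validator that only accepts same-site paths. The function names, the `/` fallback and the `/dashboard` path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed post-login landing path


def naive_is_local(target: str) -> bool:
    # Weak check: "//evil.com" also starts with "/", so it is accepted,
    # yet a browser resolves it as a protocol-relative URL to evil.com.
    return target.startswith("/")


def safe_return_to(target, default=DEFAULT_TARGET):
    """Return target only if it is a same-site absolute path, else default."""
    if not isinstance(target, str) or not target:
        return default
    # Browsers treat "\" like "/" and drop tab/CR/LF inside URLs, so any
    # backslash or control character is rejected outright.
    if any(ch == "\\" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return default
    # Exactly one leading slash: rejects "//evil.com", "https://evil.com"
    # and bare hosts such as "evil.com".
    if not target.startswith("/") or target.startswith("//"):
        return default
    # Defence in depth: the parsed value must carry no scheme or host.
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


# Constructed sample values for the return_to parameter.
SAMPLES = [
    "/dashboard?tab=1",   # hypothetical in-app path, allowed
    "//evil.com",         # value from the report
    "https://evil.com",
    "/\\evil.com",
    "/\t/evil.com",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), naive_is_local(value), repr(safe_return_to(value)))
```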
Report Stats
- Report ID: 1087189
- State: Closed
- Substate: resolved
- Upvotes: 14