Open redirect vulnerability in index.php

Disclosed: 2019-02-03 04:35:44 By yoyobabaji To security
Vulnerability Details
**Summary:** Hello Team, I would like to report an open redirect on hackerone.com with reference to report #320376. In report #320376 it shows the vulnerability is mitigated, but still I am able to reproduce it, so all the summary and description remain the same. Redirection is performed by the HackerOne website when the index.php page is visited. The parameter to index.php is used in redirection. By manipulating this parameter, an attacker can redirect a victim outside www.hackerone.com.

**Description:** When a user visits www.hackerone.com/index.php/xyz he/she is redirected to www.hackerone.com/xyz. However, when visiting www.hackerone.com/index.php/index.phpxyz the user will be redirected to www.hackerone.comxyz (without a slash between com and xyz). Further, when visiting www.hackerone.com/index.php/index.php.hacker0ne.com the user will be redirected to www.hackerone.com.hacker0ne.com (a subdomain of hacker0ne.com).

### Steps To Reproduce

1. Visit https://www.hackerone.com/index.php/index.php.hacker0ne.com
2. Notice that the site redirects to https://www.hackerone.com.hacker0ne.com/

### Optional: Your Environment (Browser version, Device, etc)

All Browsers

## Impact

An attacker can trick users into visiting malicious websites.
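The redirect behaviour the report describes, modelled as an added example beside a hardened version. This is not the reporter's code and not HackerOne's server code (which is not public); the assumption is that the server strips a leading `/index.php` from the path more than once and glues the remainder straight onto the hostname, which reproduces all three observations in the report.

```python
from urllib.parse import urlsplit

# Constructed to mirror the report; the real server logic is an assumption.
SITE_HOST = "www.hackerone.com"
INDEX_PREFIX = "/index.php"


def strip_index_prefix(request_path: str) -> str:
    """Repeatedly strip a leading '/index.php'. Stripping more than once is what
    turns '/index.php/index.phpxyz' into the bare string 'xyz' (no leading slash)."""
    while request_path.startswith(INDEX_PREFIX):
        request_path = request_path[len(INDEX_PREFIX):]
    return request_path


def vulnerable_location(request_path: str) -> str:
    """Model of the reported behaviour: the remainder is concatenated onto the host,
    so a remainder that does not begin with '/' extends the hostname instead of the path."""
    return "https://" + SITE_HOST + strip_index_prefix(request_path)


def is_same_site_location(location: str) -> bool:
    """Accept only an absolute https URL whose authority is exactly our host and whose
    path begins with a single '/' (a '//' prefix would be read as scheme-relative)."""
    parts = urlsplit(location)
    if parts.scheme != "https" or parts.netloc.lower() != SITE_HOST:
        return False
    return parts.path.startswith("/") and not parts.path.startswith("//")


def hardened_location(request_path: str) -> str:
    """Validate the computed Location before emitting it; anything that does not
    stay on SITE_HOST falls back to the site root instead of redirecting off-site."""
    candidate = vulnerable_location(request_path)
    if is_same_site_location(candidate):
        return candidate
    return "https://" + SITE_HOST + "/"
```

The check is on the final Location string rather than on the input path, so it also catches any other way the concatenation could leave the host.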
Report Stats
  • Report ID: 439075
  • State: Closed
  • Substate: resolved
  • Upvotes: 39