Open Redirect ████████

Disclosed: 2026-04-08 18:56:13 By z3ron3 To glassdoor
Severity: Low
Vulnerability Details
## Summary:

Affected URL(s): ████&redirectUrl=█████
Affected Parameter: redirectUrl
Vulnerability Type: Unvalidated / Open Redirect

Browsers tested:
- Google Chrome - Version 80.0.3987.132 (Official Build) (64-bit)
- Mozilla Firefox - 74.0 (64-bit)
- Microsoft Edge - 44.18362.449.0

## Steps To Reproduce:

1) Change the value of the 'redirectUrl' parameter by adding two forward slashes (//) before the link you want to redirect to. This URL pattern bypasses the domain check filter, because a value beginning with "//" is a scheme-relative URL: the browser keeps the current scheme (https) and treats everything after the slashes as a new host, while a filter that only checks for a leading "/" treats it as a same-site path.
██████████
2) The user will be redirected to the provided URL if they click the 'Skip for now' button.

## POC link:

█████

Clicking the 'Skip for now' button will redirect you to ███████

## Potential Impact:

An attacker can redirect both logged-in and logged-out Glassdoor users to a malicious website of their choice, to carry out phishing attacks or to chain with other attacks.

## Details of exploitation scenarios:

The affected URL takes a Glassdoor user to a page where they can add their salary details. The page has two options, 'Skip for now' and 'Submit Salary'. The value of the 'redirectUrl' parameter is used as the href attribute value of the 'Skip for now' button without proper validation. If an attacker changes the value to their own domain and the user clicks the 'Skip for now' button, the browser is sent to the value in 'redirectUrl', which is the attacker's domain. The attack works whether or not the user is logged into their Glassdoor account.
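The bypass described in the steps above comes down to how a browser resolves an href: a "relative path only" filter that accepts any value starting with "/" also accepts "//attacker-host", which the browser resolves to a different origin under the same scheme. The block below is an added example, not code from the report or from Glassdoor; it contrasts that naive check with a hardened one that resolves the value the way the browser will and compares origins. `ORIGIN` and every candidate value are constructed assumptions for illustration, and the function names are hypothetical.

```javascript
// Added example (not from the original report). ORIGIN is an assumed site origin,
// not Glassdoor's real one; the redirect values below are constructed test inputs.
const ORIGIN = "https://www.example.com";

// Naive filter: treats anything starting with "/" as a same-site path.
// This is the kind of check a "//host" value walks straight past.
function naiveIsSafeRedirect(value) {
  return typeof value === "string" && value.startsWith("/");
}

// Hardened filter: resolve the value against our own origin exactly as an href
// would be resolved, then require an http(s) URL on that same origin.
function isSafeRedirect(value, origin = ORIGIN) {
  if (typeof value !== "string" || value.length === 0) return false;
  // Reject scheme-relative ("//host"), backslash variants ("/\host", which the
  // WHATWG URL parser also treats as an authority) and control characters up front.
  if (/^[\/\\]{2}/.test(value) || /[\u0000-\u001f]/.test(value)) return false;
  let resolved;
  try {
    resolved = new URL(value, origin); // same resolution the browser applies to an href
  } catch (e) {
    return false; // unparseable input is never a safe redirect target
  }
  const allowedScheme = resolved.protocol === "https:" || resolved.protocol === "http:";
  return allowedScheme && resolved.origin === new URL(origin).origin;
}

// Where the browser would actually send the user for a given redirectUrl value,
// i.e. what the 'Skip for now' href resolves to.
function resolveRedirect(value, origin = ORIGIN) {
  return new URL(value, origin).href;
}

// Stand-alone demonstration of the bypass and the hardened check.
const candidates = [
  "/salary/add?step=2",                      // genuine same-site path
  "//evil.example/phish",                    // the "//" bypass from the report
  "/\\evil.example",                          // backslash variant
  "https://www.example.com.evil.example/",   // prefix-matching trick
  "javascript:alert(1)",                     // non-http scheme
];
for (const c of candidates) {
  let target;
  try { target = resolveRedirect(c); } catch (e) { target = "(unparseable)"; }
  console.log(`${c.padEnd(40)} naive=${naiveIsSafeRedirect(c)} hardened=${isSafeRedirect(c)} -> ${target}`);
}
```

The decisive line is the origin comparison after resolution: string checks on the raw value can always be argued around, but `new URL(value, origin)` yields the same host the browser will navigate to, so comparing `resolved.origin` to the site's origin closes the "//" case and the backslash and prefix-matching variants with one rule. Allow-listing a few known relative paths is stricter still where the application can afford it.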
Report Stats
  • Report ID: 818094
  • State: Closed
  • Substate: resolved
  • Upvotes: 1