About Me
I’m a Security Researcher at HackerOne, and in 2022, I ranked 60th globally on the HackerOne leaderboard. You can check my ranking here. For insights and tips on Bug Bounty, follow me on Twitter: @adnansamibhuiyan.
A Brief Summary
I first encountered Bug Bounty programs in January 2020, which sparked my interest. Initially, I practiced on vulnerable machines, but it didn’t quite meet my needs. I decided to test my skills on real websites and, during my practice, discovered a bypass vulnerability at Epic Games. This discovery led me to formally start Bug Bounty hunting in April 2022.
The Bug
The vulnerability I found is an Open Redirect. It wasn’t a straightforward Open Redirect issue, but I managed to achieve a bypass. While learning about Open Redirects and how they function, I needed a test link, so I chose a link from HackerOne that was associated with Epic Games. To my surprise, my bypass worked. I tested various payloads, and the only one that succeeded included four backslashes before the host link. The payload used was: &redirectUrl=////evil.com
Valid Redirect Link:
https://www.redacted.com/id/login?lang=en-US&noHostRedirect=true&redirectUrl=https%3A%2F%2Fstore.redacted.com%2F
Open Redirect Link:
https://www.redacted.com/id/login?lang=en-US&noHostRedirect=true&redirectUrl=////evil.com
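To show why a value like ////evil.com slips past a redirect check, here is an added example (not code from the original post or from the affected program) that contrasts a naive "starts with a slash, so it is same-site" check with one that resolves the value the way browsers do before comparing the host against an allowlist. The allowlist hosts are constructed for the example; the program's real hosts are redacted in the write-up.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for this example; real hosts are redacted in the post.
ALLOWED_HOSTS = {"www.redacted.com", "store.redacted.com"}

def naive_is_safe(redirect_url: str) -> bool:
    """The assumption ////evil.com defeats: a leading '/' is taken to mean a
    path on this site, so the value is never parsed for a host at all."""
    if redirect_url.startswith("/"):
        return True
    return urlsplit(redirect_url).hostname in ALLOWED_HOSTS

def browser_target_host(redirect_url: str) -> Optional[str]:
    """Approximate how a browser resolves a Location value on an https page:
    for special schemes any run of two or more leading '/' or '\\' introduces
    an authority (WHATWG 'special authority ignore slashes'), so //evil.com,
    ////evil.com and /\\evil.com all land on evil.com. Note that Python's
    urlsplit/urljoin do NOT apply this rule, which is why a server-side check
    built only on them disagrees with the browser."""
    value = redirect_url.strip()
    m = re.match(r"^[/\\]{2,}", value)
    if m:
        rest = value[m.end():]
        host = re.split(r"[/\\?#]", rest, maxsplit=1)[0]
        return host.lower() or None
    parts = urlsplit(value)
    if parts.scheme:
        return (parts.hostname or "").lower() or None
    return None  # single-slash or bare relative path: no new host

def hardened_is_safe(redirect_url: str) -> bool:
    """Accept only a plain same-site path or an https URL whose host, as the
    browser would see it, is on the allowlist."""
    value = redirect_url.strip()
    if re.match(r"^[/\\]{2,}", value):
        return browser_target_host(value) in ALLOWED_HOSTS
    parts = urlsplit(value)
    if parts.scheme:
        return parts.scheme == "https" and browser_target_host(value) in ALLOWED_HOSTS
    # Exactly one leading slash and nothing scheme-like: stays on this origin.
    return value.startswith("/")
```

The allowlist comparison is the fix that matters; the slash-collapsing step only exists because the browser, not the server's URL library, decides where the user actually goes.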
Conclusion
As this was my first discovered bug, I was thrilled and celebrated by saying “Alhamdulillah.”
I do not even know how I ended up here, but I thought this post was good.
I do not know who you are, but certainly you’re going to be a famous blogger if you are not already 😉 Cheers!
Thanks a lot
Great article. Keep writing this kind of info on your page.
I’m really impressed by your site.
Hey there, You’ve performed a great job.
I will definitely digg it and personally recommend it to my friends. I am confident they will benefit from this site.
Thanks a lot
I’m really enjoying the design and layout of your site.
It’s very easy on the eyes, which makes it much more enjoyable for me to come here and visit more often. Did you hire out a designer to create your theme?
Great work!
Hey thanks a lot … no I designed it by myself…hehe