Open Redirect in Flattr
Reported a low impact Open Redirect to Flattr
- Posted on:
2020-06-11 05:12 - Reading Time: 1 min
- Share on:
Table of Contents
This bug in Flattr was a low-impact Open Redirect that allowed an attacker to redirect the victim after authorizing Twitter.
PoC
Visit the URL
https://flattr.com/settings/connect/twitter?redirect=https://eval.blog
After authorization, user will be redirected to eval.blog.
Disclosure Timeline
| Datetime | Log |
|---|---|
| 5th June, 2020 | Vulnerability was found Contacted Flattr on Twitter for responsible disclosure |
| 9th June, 2020 | Reported vulnerability |
| 11th June, 2020 | Vulnerability fixed Publicly disclosed |