How I got $500 with Open redirect

Hi everyone :) Hope you are fine. Today I am going to share how I found an open redirect bug on a website. I think everyone can get this bug, so why do I share? OK, only when you read the text will you understand.

The site is example.com. First of all, I used the nuclei tool to find bugs, but I did not get any bug. Because everyone runs the nuclei tool, the chances of getting a bug are less, and it is more likely to be a duplicate. Anyway, I hoped it would work, but I didn’t get any bugs and no open redirect. Usually, if there is any open redirect bug in the website, it can be found by the nuclei tool. But this did not happen to me. I don’t know why I can’t find the open redirect bug I bought from Nuclei. I think a path was missing. So, when I didn’t find any bugs, I opened the subdomains one by one and started looking for all the bugs along with open redirect. The interesting thing is that my first try was a success. Yes, it’s an open redirect.

My first try is


Https://—fail :—success:)[i report it]

I found open redirect bugs in many subdomains on this site, but reported only 3 subdomains.


Apparently there are many hackers who do not hunt these bugs manually and depend on the nuclei tool.


Note: My sole purpose in writing this write-up was to try the bugs manually without relying only on the nuclei tool.

As a tip, or call it whatever: I recommend that you please don’t just rely on any tool.


I’m human, I could be wrong; please forgive me if anything goes wrong, and please pray for me.


