How I got $500 with Open redirect

Hi everyone :) Hope you are fine. Today I'm going to share how I found an open redirect bug on the example.com website. I think everyone can find this bug, so why share it? OK, only once you read the text will you understand.

OK, ready boys ;)

The site is example.com. First of all, I used the nuclei tool to look for bugs, but it found nothing. Everyone runs nuclei, so the chance of getting a bug from it is small, and whatever it does find is likely to be a duplicate. Anyway, I hoped it would work, but it gave me no bugs and no open redirect. Usually, if a website has an open redirect bug, nuclei finds it, but that didn't happen for me. I don't know why nuclei couldn't find the open redirect bug; I think some path was missing from it. So when I didn't find any bugs, I opened the subdomains one by one and started looking manually for every kind of bug, including open redirect. The interesting thing is that my first try was a success: yes, it's an open redirect.

My first try was https://subdomain.site.com/////bing.com

https://subdomain.site.com//bing.com: fail :(

https://subdomain.site.com///bing.com: success :) [I reported it]

I found the open redirect bug on many subdomains of this site, but reported only 3 subdomains.
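Why a site can block `//bing.com` yet still redirect on `///bing.com`, as an added example that is not part of the original write-up: browsers parse any run of two or more leading slashes (or backslashes) in an http(s) URL as a scheme-relative URL and go to bing.com, while Python's `urlsplit()` reports an empty host for `///bing.com`, so a check built on it lets the payload through. The redirect targets below are constructed, and the backslash variant goes beyond what the write-up tested.

```python
from urllib.parse import urlsplit

# Constructed redirect targets, as a 'next=' or 'url=' parameter might carry them.
# Value: True if a browser stays on the site, False if it ends up on bing.com.
CANDIDATES = {
    "/account":       True,   # ordinary in-site path
    "//bing.com":     False,  # scheme-relative: browser goes to bing.com
    "///bing.com":    False,  # extra slashes are collapsed by browsers: still bing.com
    "/////bing.com":  False,  # the write-up's first probe, same result
    "/\\bing.com":    False,  # browsers treat '\' as '/' in http(s) URLs
    "https://bing.com": False,  # absolute URL
}

def naive_is_local(target: str) -> bool:
    """Common check: trust urlsplit() and accept any '/...' with no scheme or host.
    urlsplit('///bing.com') reports netloc == '', so it passes."""
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == "" and target.startswith("/")

def hardened_is_local(target: str) -> bool:
    """Accept only a path that is unambiguously on this origin.
    Backslashes are normalised first (the browser does the same), then anything
    starting with two or more slashes, or carrying its own scheme or host, is refused."""
    normalised = target.replace("\\", "/")
    if not normalised.startswith("/") or normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    return parts.scheme == "" and parts.netloc == ""

def compare() -> dict:
    """Per candidate: (naive verdict, hardened verdict, truly local?)."""
    return {t: (naive_is_local(t), hardened_is_local(t), local)
            for t, local in CANDIDATES.items()}

def naive_false_accepts() -> list:
    """Targets the naive check accepts although the browser leaves the site."""
    return [t for t, (naive, _, local) in compare().items() if naive and not local]

def hardened_false_accepts() -> list:
    """Same measure for the hardened check; expected to be empty."""
    return [t for t, (_, hard, local) in compare().items() if hard and not local]

if __name__ == "__main__":
    for target, verdicts in compare().items():
        print(f"{target!r:22} naive={verdicts[0]!s:5} hardened={verdicts[1]!s:5} local={verdicts[2]}")
```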

Apparently there are many hackers who depend on the nuclei tool and do not hunt these bugs manually.

Note: My sole purpose in writing this write-up was to try for these bugs manually without relying only on the nuclei tool.

Tip, or call it whatever you like: I recommend that you don't just rely on any tool.

— — — — — — — — — — — — —

I'm human, I could be wrong; please forgive me if anything is wrong, and please pray for me.

Thanks everyone ☺

My Twitter: https://twitter.com/mamunwhh
