Open Redirect in erudika/scoold

Valid

Reported on

Aug 1st 2021


✍️ Description

Open redirect bypass

🕵️‍♂️ Proof of Concept

I see you recently fixed the open redirect. But it can be bypassed.
1. First, log in to your account and visit https://live.scoold.com/signin?returnto=https://live.scoold.com@google.com/xx and see that you are redirected to a different site.

💥 Impact

Open redirect
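The bypass above works because `https://live.scoold.com@google.com/xx` starts with the trusted origin as a string, yet the part before `@` is userinfo, not the host: a browser (and any RFC 3986 parser) sends the request to `google.com`. The following is an added example, not code from the report or from the scoold project, showing a prefix-style check that the payload slips past next to a host-based check that rejects it. The allowed host `live.scoold.com` is taken from the report's URL; the function names and the assumption that the original filter was a plain prefix comparison are mine.

```python
from urllib.parse import urlsplit

# Assumed trusted host, taken from the report's PoC URL.
SITE_HOST = "live.scoold.com"
# Where to send the user when returnto is not acceptable.
DEFAULT_RETURN = "/"


def naive_is_safe(returnto: str) -> bool:
    """Prefix check of the kind the report's payload bypasses.

    This is an assumed weak filter for illustration, not scoold's actual code.
    It accepts 'https://live.scoold.com@google.com/xx' because the string
    starts with the trusted origin, even though the real host is google.com.
    """
    return returnto.startswith("https://" + SITE_HOST)


def safe_return_url(returnto: str) -> str:
    """Return `returnto` only if it stays on SITE_HOST; otherwise DEFAULT_RETURN.

    Decisions are made on the parsed components (scheme, userinfo, hostname),
    never on the raw string, so userinfo tricks and lookalike hosts are caught.
    """
    if not returnto:
        return DEFAULT_RETURN
    parts = urlsplit(returnto)

    # Relative URL: scheme and authority both absent. Allow only a
    # single-slash absolute path; '//host' and '/\host' would be treated
    # as protocol-relative (off-site) by browsers.
    if parts.scheme == "" and parts.netloc == "":
        if returnto.startswith("/") and not returnto.startswith(("//", "/\\")):
            return returnto
        return DEFAULT_RETURN

    # Absolute URL: require https, refuse any userinfo (the bypass vector
    # from the report), and compare the parsed hostname exactly.
    if parts.scheme.lower() != "https":
        return DEFAULT_RETURN
    if parts.username is not None or parts.password is not None:
        return DEFAULT_RETURN
    if parts.hostname != SITE_HOST:
        return DEFAULT_RETURN
    return returnto


# Constructed sample inputs: the report's payload plus common variants.
SAMPLES = [
    "https://live.scoold.com@google.com/xx",      # report's bypass (userinfo)
    "https://live.scoold.com.evil.example/x",     # lookalike host
    "//google.com/x",                              # protocol-relative
    "javascript:alert(1)",                         # non-http scheme
    "/questions/1",                                # relative, on-site
    "https://live.scoold.com/questions/1",         # absolute, on-site
]


def compare_filters() -> dict:
    """Map each sample to (naive verdict, hardened redirect target)."""
    return {u: (naive_is_safe(u), safe_return_url(u)) for u in SAMPLES}


if __name__ == "__main__":
    for url, (naive_ok, target) in compare_filters().items():
        print(f"{url!r:48} naive={naive_ok!s:5} hardened->{target}")
```

The same rule applies in scoold's own language: `java.net.URI("https://live.scoold.com@google.com/xx").getHost()` returns `google.com` while `getUserInfo()` returns `live.scoold.com`, so a Java filter should compare `getHost()` (and reject a non-null `getUserInfo()`) rather than test the string prefix.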

We have contacted a member of the erudika/scoold team and are waiting to hear back 2 years ago
Alex Bogdanovski validated this vulnerability 2 years ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski marked this as fixed with commit 1c5f4a 2 years ago
Alex Bogdanovski has been awarded the fix bounty
This vulnerability will not receive a CVE