Open Redirect in erudika/scoold

Valid

Reported on Aug 1st 2021


✍️ Description

Open redirect bypass

🕵️‍♂️ Proof of Concept

I see you recently fixed the open redirect, but it can be bypassed.
1. First, log in to your account and visit https://live.scoold.com/signin?returnto=https://live.scoold.com@google.com/xx and see that you are redirected to a different site.

💥 Impact

open-redirect
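Why the `@` trick in the PoC works, and what a `returnto` check that rejects it looks like, as an added example in Python. This is illustrative code, not Scoold's: the page does not show the original fix or the shape of the check it used, so the allowed host (`live.scoold.com`), the naive prefix check, and the function names are assumptions. The parse-based check also covers two related bypasses not in the report (a look-alike host such as `live.scoold.com.evil.com` and a scheme-relative `//evil.com` path).

```python
"""
Open redirect via the URL userinfo component.

In https://live.scoold.com@google.com/xx the text before '@' is the
userinfo (a username), not the host; the browser goes to google.com.
A string-prefix check on the whole URL is fooled; a check on the
parsed host is not.

Added example with constructed inputs; not Scoold's code.
"""
from urllib.parse import urlsplit, urlunsplit

SITE_HOST = "live.scoold.com"              # assumed allowed host
SITE_ORIGIN = "https://" + SITE_HOST
DEFAULT_REDIRECT = "/"                      # fallback when returnto is rejected

# The bypass URL from the report (constructed copy for the example).
POC_URL = "https://live.scoold.com@google.com/xx"


def parsed_parts(url: str) -> tuple:
    """Return (username, hostname) as the URL parser sees them."""
    parts = urlsplit(url)
    return parts.username, parts.hostname


def naive_is_safe(returnto: str) -> bool:
    """Assumed weak check: accept anything that starts with our origin or '/'.

    The PoC passes because the *string* starts with https://live.scoold.com
    even though the *host* is google.com.
    """
    return returnto.startswith(SITE_ORIGIN) or returnto.startswith("/")


def safe_returnto(returnto: str) -> str:
    """Allow only same-host https URLs or local paths; otherwise return '/'.

    Decisions are made on parsed components, never on string prefixes.
    """
    if not returnto:
        return DEFAULT_REDIRECT
    try:
        parts = urlsplit(returnto)
        port = parts.port                  # raises ValueError on a bad port
    except ValueError:
        return DEFAULT_REDIRECT

    # Relative path: no scheme, no authority. Reject '//host' and '/\host',
    # which browsers treat as scheme-relative URLs to another host.
    if not parts.scheme and not parts.netloc:
        path = parts.path
        if path.startswith("/") and not path.startswith(("//", "/\\")):
            return urlunsplit(("", "", path, parts.query, ""))
        return DEFAULT_REDIRECT

    # Absolute URL: must be https, carry no userinfo, and point at our host
    # exactly (hostname is already lower-cased by urlsplit).
    if parts.scheme.lower() != "https":
        return DEFAULT_REDIRECT
    if parts.username is not None or parts.password is not None:
        return DEFAULT_REDIRECT
    if parts.hostname != SITE_HOST or port not in (None, 443):
        return DEFAULT_REDIRECT
    # Rebuild from the validated pieces rather than echoing the raw input.
    return urlunsplit(("https", SITE_HOST, parts.path or "/", parts.query, ""))


if __name__ == "__main__":
    print("userinfo, host =", parsed_parts(POC_URL))
    print("naive check accepts PoC:", naive_is_safe(POC_URL))
    print("hardened check sends PoC to:", safe_returnto(POC_URL))
```

The key observation is the first line of output: the parser reports `live.scoold.com` as the username and `google.com` as the host, which is exactly the split the browser performs when it follows the redirect. Any check that reasons about the raw string rather than the parsed host will accept this URL.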

We have contacted a member of the erudika/scoold team and are waiting to hear back 4 months ago
Alex Bogdanovski validated this vulnerability 4 months ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Alex Bogdanovski confirmed that a fix has been merged on 1c5f4a 4 months ago
Alex Bogdanovski has been awarded the fix bounty