This bug in Flattr was a low-impact open redirect: the redirect parameter of the Twitter connect endpoint was not restricted to Flattr's own origin, so an attacker could send the victim to an arbitrary external site right after the victim authorized Twitter.
PoC
https://flattr.com/settings/connect/twitter?redirect=https://hackberry.xyz
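The root cause is a redirect parameter that is used as-is. The following is an added example (not Flattr's code) showing the vulnerable pattern next to a hardened validator that only accepts same-origin targets and rejects the usual bypasses (protocol-relative "//host", backslash variants, credentials in the authority, lookalike subdomains, non-https schemes). The application host "flattr.com" and the fallback path "/settings" are assumptions for the example.

```python
from urllib.parse import urlsplit

# Assumed application host for this example; Flattr's real configuration is unknown.
APP_HOST = "flattr.com"


def vulnerable_redirect_target(redirect, default="/settings"):
    """Vulnerable pattern: trust the query parameter as-is.

    Given "?redirect=https://hackberry.xyz" the Location header sends the
    user off-site, which is exactly the open redirect described above.
    """
    return redirect or default


def safe_redirect_target(redirect, default="/settings"):
    """Return a redirect target that stays on APP_HOST, or the default.

    Accepts only:
      * absolute-path-relative URLs with a single leading slash ("/settings/...")
      * absolute https URLs whose host is exactly APP_HOST (canonicalised to a path)
    Everything else falls back to the default instead of being echoed.
    """
    if not redirect:
        return default
    # Browsers normalise "/\evil" to "//evil"; control characters are never legitimate.
    if "\\" in redirect or any(c in redirect for c in "\r\n\t"):
        return default
    parts = urlsplit(redirect)
    if parts.scheme == "" and parts.netloc == "":
        # Path-relative. "//evil.com" parses with a netloc, but "///evil.com" does not,
        # so also require exactly one leading slash.
        if redirect.startswith("/") and not redirect.startswith("//"):
            return redirect
        return default
    if (
        parts.scheme == "https"
        and parts.hostname == APP_HOST          # hostname is lowercased by urlsplit
        and parts.port in (None, 443)
        and parts.username is None              # rejects "https://flattr.com@evil.com/"
    ):
        # Canonicalise to a path so the Location header never carries a foreign host.
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        return path
    return default


if __name__ == "__main__":
    # Constructed inputs: the PoC above plus common open-redirect bypass attempts.
    probes = [
        "https://hackberry.xyz",
        "//hackberry.xyz",
        "/\\hackberry.xyz",
        "https://flattr.com.hackberry.xyz/",
        "https://flattr.com@hackberry.xyz/",
        "javascript:alert(1)",
        "/settings/connect?ok=1",
        "https://flattr.com/settings?x=1",
    ]
    for p in probes:
        print(f"{p!r:45} vulnerable -> {vulnerable_redirect_target(p)!r:40} safe -> {safe_redirect_target(p)!r}")
```

The safe version deliberately canonicalises an accepted absolute URL down to its path: even when the host matches, emitting the user-supplied authority verbatim is what tends to reintroduce the bug after a later refactor.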
Timeline
- Found vulnerability – 5th June, 2020
- Made contact with Flattr on Twitter – 5th June, 2020
- Reported vulnerability on Twitter – 9th June, 2020
- Bug fixed – 11th June, 2020
- Disclosed On – 11th June, 2020