Open Redirect in Flattr

Posted Jun 11, 2020 Updated Jun 17, 2022

By Vikrant Singh Chauhan

1 min read

This bug in Flattr was a low impact Open Redirect that allowed attacker to redirect the victim after authorizing Twitter.

PoC

https://flattr.com/settings/connect/twitter?redirect=https://hackberry.xyz

Timeline

Found vulnerability – 5th June, 2020
Made contact with Flattr on Twitter – 5th June, 2020
Reported vulnerability on Twitter – 9th June, 2020
Bug fixed – 11th June, 2020
Disclosed On – 11th June, 2020

Penetration Testing, Coordinated Disclosure

bug bounty hunting open redirect

This post is licensed under CC BY 4.0 by the author.

Recently Updated

Trending Tags

craftcms source code review vulnerability research bug bounty hunting burnout dynamic importing Greybox Testing IP leak javascript open redirect

Contents

Trending Tags

craftcms source code review vulnerability research bug bounty hunting burnout dynamic importing Greybox Testing IP leak javascript open redirect

A new version of content is available.