Open Redirect in Flattr

This bug in Flattr was a low-impact open redirect that allowed an attacker to redirect the victim after they authorized Twitter.

PoC

https://flattr.com/settings/connect/twitter?redirect=https://hackberry.xyz
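
One way to validate a `redirect` parameter like the one in the PoC, shown as an added example that is not part of the original post and is not Flattr's code (the post does not describe the actual fix). `SITE_ORIGIN`, `FALLBACK` and both function names are assumptions for illustration.

```javascript
// Added example. SITE_ORIGIN, FALLBACK and both function names are assumptions
// made for illustration; they are not taken from Flattr's code base.
const SITE_ORIGIN = "https://flattr.com";
const FALLBACK = "/";

// Return a same-site path that is safe to redirect to, or FALLBACK.
function safeRedirectTarget(raw, siteOrigin = SITE_ORIGIN) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Control characters are stripped by URL parsers and backslashes are
  // treated like "/" for http(s) URLs, so either can turn a value that
  // looks like a path into one that names another host. Reject both.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  // Accept only site-relative paths. A leading "//" is a protocol-relative
  // URL, and anything not starting with "/" may carry its own scheme.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;

  // Defence in depth: resolve the way a browser would and compare origins.
  let resolved;
  try {
    resolved = new URL(raw, siteOrigin);
  } catch (err) {
    return FALLBACK;
  }
  if (resolved.origin !== new URL(siteOrigin).origin) return FALLBACK;

  // Emit only path, query and fragment so the host can never change.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Pull the `redirect` parameter out of a request URL and validate it.
function redirectAfterConnect(requestUrl) {
  const param = new URL(requestUrl).searchParams.get("redirect");
  return safeRedirectTarget(param);
}

// Constructed sample requests: the first is the PoC URL from this post.
const samples = [
  "https://flattr.com/settings/connect/twitter?redirect=https://hackberry.xyz",
  "https://flattr.com/settings/connect/twitter?redirect=%2F%2Fexample.org",
  "https://flattr.com/settings/connect/twitter?redirect=%2Fsettings%3Ftab%3Dapps",
];
for (const s of samples) console.log(redirectAfterConnect(s), "<-", s);
```

With this check the PoC URL resolves to the fallback path, while a same-site value such as `/settings?tab=apps` passes through unchanged.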

Timeline

  • Found vulnerability – 5th June, 2020
  • Made contact with Flattr on Twitter – 5th June, 2020
  • Reported vulnerability on Twitter – 9th June, 2020
  • Bug fixed – 11th June, 2020
  • Disclosed On – 11th June, 2020
This post is licensed under CC BY 4.0 by the author.