External URL page bypass

From Hackipedia
Hackerone #63158
Target: Hackerone
Target Module:
Type: Open Redirect
Payload: [test](/\x08/evil.com
Original: Link
CVE:
Archive Screenshot

Hackerone reports allow links to be shared between correspondents. To ensure the safety of users viewing a report, every link leads to a warning page noting that they are leaving hackerone.com.

danielchatfield found that inserting a link like this

[test](/\x08/evil.com

would bypass Hackerone's warning page.

\x08 is the escape sequence for the ASCII backspace character (byte 0x08).
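A defender's view of the check this payload defeats, as an added example in Python (not Hackerone's code): a naive "starts with a single slash, so it is internal" test accepts the page's payload, while a version that strips ASCII control characters before classifying the link sends it to the warning page. The site host and the exact shape of the original check are assumptions.

```python
import re
from urllib.parse import urlsplit

# The page's payload: a backspace between two slashes (constructed test input).
PAYLOAD = "/\x08/evil.com"

# ASCII C0 control characters plus DEL; none belong in a legitimate link.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def naive_is_internal(href: str) -> bool:
    """A link filter of the kind the report defeats (assumed form).

    A path that starts with a single '/' is treated as same-site and gets
    no warning page.  The backspace hides the second '/' from the '//' test,
    so the payload is classified as internal."""
    return href.startswith("/") and not href.startswith("//")


def hardened_is_internal(href: str, site_host: str = "hackerone.com") -> bool:
    """Classify the link only after removing control characters.

    Any link that changes when control characters are stripped is treated as
    external, so it always gets the warning page.  Otherwise a real URL parser
    decides whether a host is present and whether it is our own."""
    cleaned = CONTROL_CHARS.sub("", href).strip()
    if cleaned != href:
        return False
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        return parts.netloc.lower() == site_host
    return cleaned.startswith("/") and not cleaned.startswith("//")


def needs_warning_page(href: str) -> bool:
    """True when the link should be routed through the leaving-site warning."""
    return not hardened_is_internal(href)


if __name__ == "__main__":
    print("naive check treats payload as internal:", naive_is_internal(PAYLOAD))
    print("hardened check sends payload to warning page:", needs_warning_page(PAYLOAD))
```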

How To Perform

  1. Locate sites with a redirect warning page
  2. Attempt to bypass it using /\x08/evil.com