External URL page bypass
Hackerone reports allow links to be shared between corespondents. In an effort en ensure the safty of users looking at the report all links lead to a warning page that will make note they are leaving hackerone.com.
danielchatfield found that inserting a link as so
Would bypass Hackerone's warning page.
\x08 is the escape code for the ASCII backspace character
How To Perform
- Locate sites with a redirect warning
- Attempt to bypass using /\x08/evil.com