Open Redirect On Codepolitan.com
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5aWBHB-SjwAm8tdTvcSHMgyz0q9D2kBImO9DAoFNfT-Djw7biNlAH0HsmC9SM7n7WFsYhCFeVlL1Lo-U23q5aC7myzvRo1GScdd7YdDTS2gdEblq33HnqAvnAfXShCidKNdbTHE4o-BVs/s320/codepolitan.png)
Description : Open redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access.

Impact : An attacker can force a user to go to an untrusted website from the Codepolitan website.

Location of bug : https://www.codepolitan.com/users/login?callback=

Payload : http://attacker.com

Reproduce :

1. Open https://www.codepolitan.
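
One way the `callback` value on the login URL could be validated before the redirect is issued, as an added example that is not Codepolitan's code. The allowlisted hosts, the fallback path and the `/dashboard` and `/learn` sample paths are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example: the hosts the login page may return users to,
# and the fallback location used when the callback is rejected.
ALLOWED_HOSTS = {"www.codepolitan.com", "codepolitan.com"}
DEFAULT_TARGET = "/"


def safe_callback(callback, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return callback if it stays on an allowed host, otherwise default."""
    if not callback or callback != callback.strip():
        return default
    # Browsers read "\" as "/" and drop tabs and newlines inside URLs, so
    # values such as "/\host" would leave the site. Reject them outright.
    if "\\" in callback or any(ord(c) < 0x20 or ord(c) == 0x7F for c in callback):
        return default
    try:
        parts = urlsplit(callback)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path with a single slash.
        ok = callback.startswith("/") and not callback.startswith("//")
        return callback if ok else default
    # Absolute or scheme-relative URL: http(s) only, exact host, no userinfo.
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return default
    return callback if host in allowed_hosts else default


def redirect_target(login_url):
    """Extract ?callback= from a login URL and return the validated target."""
    values = parse_qs(urlsplit(login_url).query).get("callback", [])
    return safe_callback(values[0] if values else "")


if __name__ == "__main__":
    base = "https://www.codepolitan.com/users/login?callback="
    # Constructed sample values; the first is the payload from the report.
    for value in ("http://attacker.com", "//attacker.com", "/dashboard",
                  "https://www.codepolitan.com@attacker.com/",
                  "https://www.codepolitan.com/learn"):
        print(f"{value!r:50} -> {redirect_target(base + value)!r}")
```

The host comparison is an exact match on the parsed hostname; prefix or substring checks on the raw string would accept hosts that merely contain the site name.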