How I bypassed the same open redirect endpoint not once, not twice… but FOUR times
--
Hey bug hunters, grab a snack and listen up! This is the story of how I beat an open redirect bug on one website four times by never giving up. Let’s dive in!
The Mission: Cracking the Redirect
It all started with a simple web address on a website: login?next=. This link was supposed to send users somewhere safe after logging in, but I had a hunch it could be tricked into sending them to a bad website, like evil.com. That is an open redirect: a flaw that lets hackers redirect users to malicious sites.
Round 1: The Triple Slash Surprise
I started by throwing every trick I knew, like https://evil.com, evil.com, etc. Nothing worked. The website’s defenses were solid — or so it seemed. After hours of poking around, I tried something weird: login?next=///evil.com. And BOOM! The website redirected me straight to evil.com. I was thrilled! I reported the bug, but it turned out someone else had found it first. Bummer. The website fixed it, and I thought that was the end. Spoiler alert: I was so wrong.
Tip: Open redirects can be tricked by messy web addresses. That /// confused the website’s checker. Always try weird combos!
Round 2: The Fake-Out Trick
The fix was done, but I couldn’t resist trying again. I spent a whole day testing every idea I had. Late at night, I tried something nuts: login?next=https://evil.com///evil.com. Guess what? It sent me to evil.com!
The website blocked the first part (evil.com) but didn’t check after the ///, letting evil.com sneak through. I reported it, got a cash reward, and waited for their next fix.
Round 3: The Secret Header Move
They fixed it again, but I wasn’t done. I noticed the website used a “Location” instruction to redirect after login. With some help from AI (my trusty sidekick), I tested all day. At 11 PM, I tried login?next=Location:https://evil.com. Holy moly — it worked!
Insight: Headers like Location are bug goldmines. If you spot one, manipulate it! AI can spark ideas, but persistence seals the deal.
Another win, another reward. But then, the program updated its policy, no longer rewarding bypasses. I hung up my hat… temporarily.
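For the fixing side, one way to validate next so that all three payloads above are refused. This is an added example, not the target site's code or the author's: app.example, APP_ORIGIN, FALLBACK, safeNext and report are assumed names. It parses the value with the WHATWG URL parser (the rules browsers follow) and compares origins instead of matching substrings.

```javascript
// Added example: validate a post-login `next` value by parsing it the way a
// browser would, then comparing origins. All names here are hypothetical and
// app.example is a placeholder for the application's own origin.
const APP_ORIGIN = "https://app.example";
const FALLBACK = APP_ORIGIN + "/";

function safeNext(next) {
  if (typeof next !== "string" || next === "") return FALLBACK;
  let url;
  try {
    // Resolve against our own login URL. For http(s) bases the parser skips
    // extra leading slashes, so "///evil.com" resolves to host evil.com.
    url = new URL(next, APP_ORIGIN + "/login");
  } catch {
    return FALLBACK; // unparseable input never reaches the Location header
  }
  // Decide on the parsed origin, never on substrings of the raw input.
  // A value such as "Location:https://evil.com" parses with scheme
  // "location:" and an opaque origin, so it fails this comparison too.
  if (url.origin !== APP_ORIGIN) return FALLBACK;
  // Emit the normalized absolute URL. Echoing the raw string, or only a
  // pathname that begins with "//", would hand the browser a new
  // protocol-relative redirect.
  return url.href;
}

// Constructed sample inputs: the three payloads from the write-up, one
// legitimate value, and a same-origin URL whose path starts with "//".
const samples = [
  "///evil.com",
  "https://evil.com///evil.com",
  "Location:https://evil.com",
  "/dashboard?tab=1",
  "https://app.example//evil.com",
];

function report() {
  return samples.map((s) => [s, safeNext(s)]);
}

for (const [input, target] of report()) {
  console.log(JSON.stringify(input), "->", target);
}
```

The last sample shows why the function returns url.href: the origin check passes, but sending back just the path //evil.com would redirect off-site.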
Round 4: The Surprise Comeback
One day, I found a cool new trick while testing another website. My gut said, “Why not try it on my old friend?” So I did, and BOOM — bypass #4!
I reported it, and it’s pending. Once it’s fixed, I’ll drop the payload for the community. Stay tuned, hunters!
This journey taught me one thing: hacking is all about endurance. Four bypasses, countless hours, and a few bounties later, I’m still hungry. To my fellow bug hunters: keep digging, stay creative, and never let a patch stop you! Got your own bypass story? Drop it below!
#BugBounty #Cybersecurity #Hacking #openredirect