Hello people,
The first bug I found was in Paytm which was a simple Open URL Redirect. It was specifically in their mobile version.
The affected url was
www.paytm.com/login?redirect=/
As you can see the vulnerable parameter was redirect and I was able to bypass the protection in place by using multiple forward slash and was able to redirect the victim to www.example.com.
This vulnerability was reported to Paytm via their Bug Bounty program ( https://paytm.com/offer/bug-bounty/ ) and now that has been patched.
Timeline:
22-March-2017 → Bug Reported
10-July-2017 → Bug Patched
10-July-2017 → Rs2000 Paytm Cash Rewarded, sadly no HOF :(
Regards,
Achal Pathak.
The first bug I found was in Paytm which was a simple Open URL Redirect. It was specifically in their mobile version.
The affected url waswww.paytm.com/login?redirect=/
As you can see the vulnerable parameter was redirect and I was able to bypass the protection in place by using multiple forward slash and was able to redirect the victim to www.example.com.
This vulnerability was reported to Paytm via their Bug Bounty program ( https://paytm.com/offer/bug-bounty/ ) and now that has been patched.
Video POC :
22-March-2017 → Bug Reported
10-July-2017 → Bug Patched
10-July-2017 → Rs2000 Paytm Cash Rewarded, sadly no HOF :(
Regards,
Achal Pathak.