New Relic: Open redirection bypass .

2016-06-13T18:36:19
ID H1:144525
Type hackerone
Reporter rohan_x3
Modified 2017-02-18T05:12:22

Description

The following link bypasses the current protection :

https://login.newrelic.com/login?return_to=https://rpm.newrelic.com/auth/newrelic?origin=///evil.com

After entering the correct credentials , the above link will redirect to evil.com