Square: Open Redirect [FreshBook]

2014-08-20T03:46:21
ID H1:25334
Type hackerone
Reporter eronx
Modified 2014-10-04T07:15:55

Description

Hi there,

An open redirect in Freshbook, go over the URL below: https://www.bookfresh.com/cindex.php/account/reactivate/confirm?s=5ada2f4dbceb0d9c9af5e31225e322506284348d&id=642774461ea8033f9ca8a4003d75d3f6&done=http://www.cliffordtrigo.info

This can be used to manipulate users, redirect them to rugue websites and or phising sites.

Kindly have a look sir.

Clifford