Smule: Open Redirect on smule.com

2018-11-14T05:29:59
ID H1:440484
Type hackerone
Reporter assassin_marcos
Modified 2019-05-29T09:03:08

Description

Summary: Open Redirect at smule.com

Description: An attacker can redirect a victim to a malicious site / phishing site.

Steps To Reproduce:

1. Visit: https://www.smule.com/user/login?redirection_url=////wordpress.com

Just log in and watch :)

Boom, user redirected :)

Impact: Redirect the user to a malicious site or phishing site to steal credentials.

Impact

An attacker can get the user's login credentials after redirecting the user to a malicious site / his phishing site.
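One way a login handler could validate the `redirection_url` parameter before redirecting, shown as an added example that is not part of the report and not Smule's code. `BASE_ORIGIN`, `FALLBACK`, `safeRedirectTarget` and `resolvedOrigin` are hypothetical names, and the sample inputs other than the report's `////wordpress.com` are constructed.

```javascript
// Added example (hypothetical names; not Smule's implementation).
const BASE_ORIGIN = "https://www.smule.com";
const FALLBACK = "/"; // where to send the user when the target is rejected

// Shows how a WHATWG-compliant URL parser (as used by browsers) resolves a
// value relative to the site: for http(s), any run of leading slashes is
// read as the start of an authority, so "////host" points at another host.
function resolvedOrigin(raw) {
  return new URL(raw, BASE_ORIGIN).origin;
}

// Returns a same-site path to redirect to, or FALLBACK if the value is unsafe.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Browsers strip tab/newline characters and treat "\" like "/" in
  // http(s) URLs, so refuse control characters and backslashes outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Accept only site-relative paths: exactly one leading slash.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let url;
  try {
    url = new URL(raw, BASE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Defence in depth: the resolved URL must stay on our own origin.
  if (url.origin !== BASE_ORIGIN) return FALLBACK;
  // Emit only path, query and fragment; never echo a scheme or host.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, plus the value from the report.
const samples = [
  "////wordpress.com",      // from the report
  "//wordpress.com",        // constructed: protocol-relative URL
  "/\\wordpress.com",       // constructed: backslash variant
  "https://wordpress.com/", // constructed: absolute URL
  "/explore?tab=new#top",   // constructed: legitimate same-site path
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```
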