Smule: Open Redirect on

ID H1:440484
Type hackerone
Reporter assassin_marcos
Modified 2019-05-29T09:03:08


> NOTE! Thanks for submitting a report! Please replace all the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report!

Summary: Open Redirect at

Your Smule Username: [If applicable]

Description: an attacker can redirect victim to malicious site/ phishing site

Steps To Reproduce:

(Add details for how we can reproduce the issue)

1.Visit 1:

Just Login And Watch :)

Boom User Redirected :)

Impact: Redirect user to malicious site or phishing site to steal credentials

Supporting Material/References:

  • List any additional material (e.g. screenshots, logs, etc.)


Can get user login credential after redirecting user to malicious site/ his phishing site