InVision: open ███ect at

ID H1:66239
Type hackerone
Reporter seifelsallamy
Modified 1970-01-01T00:00:00


Hi guys,

Url: https://████?█████=
Vulnerable parameter: ████████

POC: go to https://████?█████=/%0a/ and log in; you will be ██████ected to

This can be used by an attacker to ██████ect a user to unsafe pages, e.g. to a page that looks exactly like the InVision login page, and let them log in on a fake page to steal email and password.

In hex, '%0a' means "Return".

Another URL: https://████████?█████=/%0d/
'%0d' can █████████ect to too.

Thank You!
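
An added example, not part of the original report: why a decoded value such as `/%0a/...` can pass a "local path" check yet resolve off-site, next to a stricter validator. The origin, host names, function names and the weak check are assumptions; the report does not show the application's own code.

```javascript
// Added example; ORIGIN, the "/" fallback and all function names are hypothetical.
const ORIGIN = "https://app.example";

// Hypothetical weak check: accepts anything that looks like a local path.
function naiveIsLocal(target) {
  return target.startsWith("/") && !target.startsWith("//");
}

// Where a WHATWG URL parser (browsers, Node's URL) says the target leads.
// The parser strips tab, LF and CR before parsing, so "/\n/host" becomes "//host".
function resolvedOrigin(target) {
  return new URL(target, ORIGIN).origin;
}

// Stricter check: returns a same-origin path, or "/" when the value is unsafe.
function safeRedirectTarget(target) {
  if (typeof target !== "string" || target.length === 0) return "/";
  // Reject control characters (%09, %0a, %0d once decoded) and backslashes,
  // which the parser treats as "/" in http(s) URLs.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return "/";
  if (!target.startsWith("/") || target.startsWith("//")) return "/";
  let url;
  try {
    url = new URL(target, ORIGIN);
  } catch {
    return "/";
  }
  // Final guard: compare the origin the parser actually resolved.
  if (url.origin !== ORIGIN) return "/";
  return url.pathname + url.search + url.hash;
}

// Constructed sample values, as they look after query-string decoding.
const samples = [
  "/dashboard?tab=1",
  "/\n/other.example/",
  "/\r/other.example/",
  "//other.example/",
  "/\\other.example/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), naiveIsLocal(s), resolvedOrigin(s), safeRedirectTarget(s));
}
```

Validating the parsed origin, rather than the raw string prefix, keeps the check aligned with what the browser will do with the `Location` value.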