GSA Bounty: [idp.fr.cloud.gov] Open Redirect

Description: Open Redirect Domain: idp.fr.cloud.gov Steps To Reproduce: Open URL: https://idp.fr.cloud.gov//blackfan.ru/..;/css HTTP Response HTTP/1.1 302 Found ... Location: //blackfan.ru/..;/css/ ... Impact A web application accepts a user-controlled input that specifies a link to an external...