₹1,000 in 10 mins: BookMyShow’s Open redirect bug!
Summary
outlawedbug, a member of the bug bounty community, has discovered an open redirect vulnerability on the Indian ticket booking website BookMyShow.
By exploiting the bug, outlawedbug was able to manipulate the website to redirect users to any URL, including malicious phishing websites, and even avoid security filters.
The bug bounty hunter was able to report the vulnerability and earn a reward of INR1,000 ($AUD158) in just 10 minutes.
Open redirect vulnerabilities can have severe implications for user data and security, circumventing basic security controls and fooling less sophisticated users into visiting malicious websites and entering sensitive information.
Hence, this finding highlights the importance of the bug bounty program in uncovering such weaknesses and rewarding those who responsibly report them.
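A server-side check that closes this class of bug, shown as an added example; it is not BookMyShow's code and not part of the original report. The host names, the fallback path and the function name are assumptions, since the write-up names no parameter or endpoint.

```python
from urllib.parse import urlsplit

# Assumed allow-list for illustration; the write-up names no hosts or parameters.
ALLOWED_HOSTS = frozenset({"tickets.example", "www.tickets.example"})
FALLBACK = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `raw` only if it is a same-site path or an allow-listed
    https URL; otherwise return `fallback`."""
    if not isinstance(raw, str) or not raw:
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines, so a value that
    # contains them can parse differently here than in the client. Reject it.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # e.g. a malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # "//host" and "///host" (scheme-relative forms) are excluded.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    if parts.scheme != "https" or has_userinfo:
        return fallback
    # Exact host match; substring or suffix checks are what get bypassed.
    return raw if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed inputs, not taken from the report.
    for value in ["/movies/42", "https://www.tickets.example/pay",
                  "https://phish.example/", "//phish.example/",
                  "https://tickets.example@phish.example/"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Rejected values fall back to the site root rather than raising, so a tampered link still lands the user on the legitimate site.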