Open redirect vulnerability in index.php
Discovered by yoyobabaji on Security

This issue took 2 Days and 1 hours to triage and 21 Days and 5 hours to resolve once triaged.

Summary: `Hello Team i would like to report an open redirect on with reference to report #320376. In report #320376 it shows vulnerability i mitigated but still i am able to reproduce it. so all the summary and description remains the same.

Redirection is performed by HackerOne website when index.php page is visited. The parameter to index.php is used in redirection. By manipulating this parameter, an attacker can redirect victim outside


When a user visit he/she is redirected to However, when visiting user will be redirected to www.hackerone.comxyz (without a slash between com and xyz).

Further, when visiting user will be redirected to (a subdomain

Steps To Reproduce


  1. Notice that the site redirects to

Optional: Your Environment (Browser version, Device, etc)

All Browsers


Attacker can trick users to visit malicious websites.