How I found Open Redirect on

Good day to all Bug Hunters again I’m Jefferson Gonzales and today I will share my findings on

On July 30 my friend Shuvam Adhikari posted a writeup on how he got a SWAG from so after reading he’s writeup I also try to hunt on and I found Open Redirect Vulnerability

When I login to I found this parameter

When I login my account it redirect me to

Then I change the value of ?next= parameter to

Then login again my account and it redirect me to this confirm that its vulnerable to Open Redirect, but I have a problem only, and will work in redirection, if you put other domains it will not redirect but I found a way to bypass it using \\ double backslash\\

When I login my account it redirect me to and successfully bypassed

Hashnode Appreciation: