• Google Authenticated Open Redirect

    Hello Guys!

    While testing Google security, I found an authenticated open redirect vulnerability. As Google does not accept open redirects, it was not accepted, so I decided to share this unpatched bug with you.


    https://appengine.google.com/ is a website that redirects the app login to the user's website, which is created on https://console.cloud.google.com/projectselector/appengine?src=ac&pli=1

    This website redirects through https://appengine.google.com/_ah/conflogin?continue=http://www.hackerwahab.com via Google account login. So if we change www.hackerwahab.com in the continue parameter to any malicious website, the open redirect works.

    Steps to reproduce:
    1. Go to
    2. Replace www.hackerwahab.com with any malicious site.
    3. Log in with a Google account; the open redirect works.

    Browser/OS: All

    Attack Scenario:-

    The attacker crafts a malicious URL that redirects users to a malicious site that performs phishing and installs malware.
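
On the defensive side, a login flow can refuse to follow an arbitrary `continue` value. The check below is an added example, not part of the original post and not Google's code; the allowlisted host `myapp.example.com`, the fallback `/` and the function name `safe_continue` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts the login flow may send users back to.
ALLOWED_HOSTS = {"myapp.example.com"}
DEFAULT_TARGET = "/"


def safe_continue(target, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return target if it is a safe post-login destination, else default."""
    if not target:
        return default
    # Browsers drop tab/CR/LF and treat "\" like "/", so a parser and a
    # browser can disagree on the host. Reject such input outright.
    if any(c in target for c in "\\\t\r\n") or target != target.strip():
        return default
    try:
        parts = urlsplit(target)
        host = parts.hostname
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    # Same-site relative path: one leading slash, no scheme, no authority.
    if not parts.scheme and not parts.netloc:
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    # Absolute URL: http(s) only, no userinfo, exact host match.
    if parts.scheme not in ("http", "https"):
        return default
    if parts.username is not None or parts.password is not None:
        return default
    if host is None or host not in allowed_hosts:
        return default
    return target


if __name__ == "__main__":
    # Constructed sample values; the first is the URL from the post.
    for sample in ("http://www.hackerwahab.com",
                   "https://myapp.example.com/home",
                   "/dashboard?tab=1",
                   "//other.example/"):
        print(f"{sample!r:40} -> {safe_continue(sample)!r}")
```
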

    Video PoC:-

