Epic Games Open Redirect Bypass: How I Earned My First $500 Bounty

Professor Software Solutions
2 min readMar 27, 2023

--

Introduction:

I’m a security researcher specializing in bug bounty programs, and I’ve been active on platforms like HackerOne since 2022. I also share bug bounty tips and insights on Twitter, where you can follow me at @bughuntar.

Journey into Bug Bounty

I first heard about bug bounty programs in January 2022. Intrigued, I started diving into cybersecurity concepts and bug hunting. Initially, I began by practicing on vulnerable machines. However, I quickly realized that this approach didn’t quite meet my expectations in terms of real-world application. Seeking more practical experience, I decided to start testing real-world websites, which led to my first discovery: an open redirect vulnerability at Epic Games.

This marked the beginning of my serious bug bounty journey, which I officially kicked off in April 2022.

The Bug: Open Redirect Bypass

The vulnerability I discovered was an open redirect. At first glance, the issue didn’t seem to be a direct open redirect, but after some testing, I managed to bypass the security measures in place.

Here’s how I came across the vulnerability:

  • I was learning about open redirects and experimenting with different payloads.
  • During my practice, I came across a URL from Epic Games, which appeared to be vulnerable to redirection manipulation.
  • After several tests, I found that the redirect would only work if I used four backslashes (////) before the host in the redirectUrl parameter. The payload that successfully bypassed the filter was:
&redirectUrl=////evil.com
  • This was an unexpected behavior, but it demonstrated how an attacker could redirect a user to a potentially malicious site.

Example URLs

Valid Redirect Link:

https://www.redacted.com/id/login?lang=en-US&noHostRedirect=true&redirectUrl=https%3A%2F%2Fstore.redacted.com%2F

Exploited Open Redirect Link:

https://www.redacted.com/id/login?lang=en-US&noHostRedirect=true&redirectUrl=////evil.com

Conclusion

Discovering my first bug was an exciting and validating moment. I was thrilled with the outcome and took a moment to reflect on the journey, expressing my gratitude by saying, “Alhamdulillah.” It’s a great reminder of how persistence and continuous learning pay off in the world of bug bounty hunting.

Final Thoughts

This experience has been a motivating milestone in my cybersecurity journey. As I continue learning and growing in the field, I hope to share more discoveries and insights with the bug bounty community.

Follow Me

Stay connected and updated on my bug bounty journey, cybersecurity tips, and more! You can find me on the following platforms:

Feel free to reach out for tips, discussions, or collaboration opportunities!

--

--

Professor Software Solutions
Professor Software Solutions

Written by Professor Software Solutions

Bug Bounty Hunter at HackerOne Inc | Cybersecurity Enthusiast | Passionate About Finding Vulnerabilities and Enhancing Online Security | https://x.com/bughuntar

Responses (2)