I recently started bug bounty and I came up against an obstacle. Long story short, I manipulated the redirect URI in the oauth/auth field and it returned a 200 OK response. Which shouldn't happen, right? I did this in Burp Suite.
How do I manipulate it more and report this bug if it even counts as one?
I would appreciate any help that you can give, thank you.
ORIGINAL request URI:
/o/oauth2/auth?redirect_uri=(some long uri)
MANIPULATED request URI (added the and symbol):
/o/oauth2/auth?redirect_uri=(some long uri)&facebook.com
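An added example, not part of the original post: how a standard query-string parser reads the two request URIs above, and an exact-match `redirect_uri` check as recommended for OAuth 2.0 authorization servers. The redirect URI, the registered set, and the function names are constructed placeholders (the post elides the real URI), and the check is an assumption, not the behaviour of the service in the post.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; the post elides the real redirect URI.
REGISTERED_REDIRECT_URIS = {"https://client.example/callback"}

ORIGINAL = "/o/oauth2/auth?redirect_uri=https%3A%2F%2Fclient.example%2Fcallback"
MANIPULATED = ORIGINAL + "&facebook.com"
CHANGED_VALUE = "/o/oauth2/auth?redirect_uri=https%3A%2F%2Fother.example%2Fcallback"


def parse_auth_query(request_uri):
    """Return the query parameters as a dict of name -> list of values."""
    query = urlsplit(request_uri).query
    # keep_blank_values=True keeps valueless names such as "facebook.com".
    return parse_qs(query, keep_blank_values=True)


def validate_redirect_uri(request_uri):
    """Return (accepted, reason) using exact match against registered URIs."""
    values = parse_auth_query(request_uri).get("redirect_uri", [])
    if len(values) != 1:
        return False, "redirect_uri missing or repeated"
    if values[0] not in REGISTERED_REDIRECT_URIS:
        return False, "redirect_uri not registered"
    return True, "redirect_uri matches a registered value"


def compare_requests():
    """Summarise what the server-side check sees for each sample request."""
    report = {}
    for label, uri in (("original", ORIGINAL),
                       ("manipulated", MANIPULATED),
                       ("changed_value", CHANGED_VALUE)):
        params = parse_auth_query(uri)
        report[label] = {
            "param_names": sorted(params),
            "redirect_uri": params.get("redirect_uri"),
            "accepted": validate_redirect_uri(uri)[0],
        }
    return report


if __name__ == "__main__":
    for label, row in compare_requests().items():
        print(label, row)
```

In this model the appended `&facebook.com` is parsed as a second parameter with an empty value, so the `redirect_uri` value that reaches the check is the same in both requests.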