From P4 to P3 using one additional step

Hello there!
In this write-up, I will go through my recent P3.
As you know, some platforms do not accept open redirect vulnerability and consider it out of scope.

However, in some cases, you can upgrade the open redirect to XSS or other significant vulnerabilities.
Started with waybackurls and greb for the keyword “post_logout_redirect_uri=” since it’s usually used by web apps for redirection.

waybackurls command line tool

Take the result and try using automated XSS tools, such as (dalfox),(XSStrike) or (XSSer). But before, try to test the parameters yourself to see how the web app reacts to your input.

And ta-da! an rXSS was found!

Here I was able to transfer P4 to P3 in less than 1h and using one step.

Thank you for viewing this article and happy hacking :)