The vendor (Google) communicated that "they do not consider open redirects to be a security issue". https://www.google.com/amp/seclists.org/bugtraq/2016/Apr/70 …
-
-
+1. Looking at the <a href> is not enough, and fixing OR has likely negligible impact on phishing. https://sites.google.com/site/bughunteruniversity/nonvuln/attacks-facilitating-phishing-or-social-engineering …
-
well, TBF, IMO, this is slightly worse than classic OR, and the "looking at <a href>" part doesn't apply here
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.