IT-Securityguard Blog

[BugBounty] malicious redirect on

| Keine Kommentare

Dear readers,

today i want to share a short story of a bug i found on one of prezi’s subdomains called Webserver at is configured to redirect the Users to the Login Page of Prezi, so far so good, i found out that if you add a Domain lets say to the end of the URL it redirects to,
to validate this one i created a new Subdomain called, so if an attacker sets up a valid https cloned site of the actual login page  a request on will redirect the user to (the attacker owned domain).


This issue was worth 500$ of cash reward. The Prezi Team as always fixed this issue in less than 24 hours, heads up for this nice and skilled security team.

hope you enjoyed.

Schreibe einen Kommentar

Pflichtfelder sind mit * markiert.