Open Redirect in Flattr

Public Disclosure


This bug in Flattr was a low-impact Open Redirect: the `redirect` parameter of the Twitter connect flow was not validated, so an attacker could send the victim to an arbitrary external site once the victim had authorized the Twitter connection.

PoC

Visit the URL

https://flattr.com/settings/connect/twitter?redirect=https://eval.blog

After authorization, the user is redirected to eval.blog.
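As an added example (not Flattr's code and not part of the original post), this is the kind of server-side check that closes this class of bug: the `redirect` value is only honoured when it is an absolute path on the same site or an `http(s)` URL whose host is on an allowlist; anything else falls back to a fixed location. `ALLOWED_HOSTS`, `FALLBACK` and `safe_redirect_target` are assumed names.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed allowlist and fallback; not Flattr's real configuration.
ALLOWED_HOSTS = {"flattr.com"}
FALLBACK = "/settings/connect/twitter"


def safe_redirect_target(redirect: Optional[str], fallback: str = FALLBACK) -> str:
    """Return a post-authorization redirect target that stays on an allowed host.

    Rejects external hosts, protocol-relative URLs (//evil), backslash variants
    (/\\evil, which browsers normalise to //evil), userinfo tricks
    (https://flattr.com@evil) and non-http(s) schemes (javascript:).
    """
    if not redirect:
        return fallback

    # Browsers treat backslashes as slashes; normalise before parsing.
    parts = urlsplit(redirect.replace("\\", "/"))

    # Any scheme other than http/https (javascript:, data:, ...) is refused.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback

    query = f"?{parts.query}" if parts.query else ""

    if parts.netloc:
        # hostname strips userinfo and port, so "flattr.com@evil" yields "evil".
        host = parts.hostname or ""
        if host not in ALLOWED_HOSTS:
            return fallback
        # Rebuild from the parsed parts (always https, no userinfo/port).
        return f"https://{host}{parts.path or '/'}{query}"

    # No host: accept only a single-slash absolute path. A "//" path would be
    # interpreted by the browser as a protocol-relative URL to another host.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return fallback
    return f"{parts.path}{query}"
```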