This bug in Flattr was a low impact Open Redirect that allowed attacker to redirect the victim after authorizing Twitter.
PoC
https://flattr.com/settings/connect/twitter?redirect=https://hackberry.xyz
Timeline
- Found vulnerability -- 5th June, 2020
- Made contact with Flattr on Twitter -- 5th June, 2020
- Reported vulnerability on Twitter -- 9th June, 2020
- Bug fixed -- 11th June, 2020
- Disclosed On -- 11th June, 2020