Post cover image

July 14, 2026

The Parameter That Redirects Nowhere: HTML Injection via redirect_page $125 Bounty

Not every finding is a takeover. This one is a small, clean bug with a real phishing angle: a parameter meant to control post-login…

By Gautam Sharma

2 min read