Yes, you are right.

Didnt understood one thing u used android app link as refer value and in get parameter u used evil.com url ?am i right ?
Didnt understood one thing u used android app link as refer value and in get parameter u used evil.c
3
1
Anish Jain
Avinash Jain (@logicbomb)
·Follow
1 min read·
Jan 27, 2018
--
Yes, you are right. Whenever user was visiting their page from that specific header,they were not verifying it for the redirection. May be they have some whitelisting of domains.
--
--
Written by Avinash Jain (@logicbomb)4.8K Followers
·230 Following
Security Engineer @Microsoft | DevSecOps | Speaker | Breaking stuff to learn | Featured in Forbes, BBC| Acknowledged by Google, NASA, Yahoo, UN etc
No responses yet
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams