Interested in going full-time bug bounty? Check out our blueprint!

This bug is SO CLUTCH! Client-side path traversal via open redirect.

Why? Because who's expecting malicious input to come back from a fetch request that they sent to their own API!?

Watch the full episode here: ctbb.show/59