Our challenges do NOT require any bruteforcing/directory fuzzing/massive amounts of traffic. Please practise hacking on our challenges manually.
Failure to abide by the rules will put you at risk of being restricted from using our free challenges.
Only relative redirects are allowed!
Sometimes developers want to redirect the user after a certain action has been completed but they don't want users to redirect to third party websites.
To combat this developers will sometimes check if the first character is
/ and if yes, allow the redirect.
Can you find the vulnerable parameter & work out how to bypass this open redirect filter?