Potential XSS Vulnerability in Acronis Login Callback URL
Exploiting login callback flows to inject JavaScript and hijack sessions — with a real-world bug bounty report
Introduction: Where XSS Hides in Plain Sight
Most bug hunters look for XSS in search boxes, comment forms, and content fields. A quieter XSS vector hides behind many login flows.
It is the redirect URL: a parameter the login page uses to send the user back to where they came from after authentication. It looks harmless, but when the application writes that value into a navigation sink (for example `window.location` or a link's `href`) without checking its scheme, a value such as `javascript:alert(1)` runs in the victim's browser, and the parameter becomes an attack surface for injecting JavaScript.
In this article, we’ll break down:
- How to find vulnerable redirect parameters
- How to test them for XSS
- A real report submitted to Acronis that earned a bounty
- How developers can defend against this issue
Recon 101: Finding Redirect-Based XSS
When exploring login flows or authentication mechanisms, always watch for URLs that include parameters like:
- `?redirect=`
- `?next=`
- `?continue=`
- `?returnTo=`
- `?redirectUrl=`
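As an added example (not code from the original post, and not Acronis's code), the following Node/browser-compatible helper automates this recon step: it scans a list of URLs for redirect-style parameters and classifies each value by what a navigation sink such as `window.location.href` would do with it. The parameter names come from the list above; the prefix regex that widens them to variants like `redirect_uri` and `returnUrl`, the sample URLs, and the `example.test` / `attacker.test` hosts are assumptions of this example.

```javascript
// Added example for this article (not code from the original post or from Acronis):
// a small recon helper that scans URLs for login-redirect parameters and reports
// which values would execute as script if the page assigned them to a navigation
// sink such as window.location.href or an <a href>.

// Parameter names taken from the article's list.
const KNOWN_REDIRECT_PARAMS = ['redirect', 'next', 'continue', 'returnTo', 'redirectUrl'];

// Assumption of this example: real apps use many variants (redirect_uri, returnUrl,
// goto, dest ...), so names are also matched by prefix, case-insensitively.
const REDIRECT_PARAM_RE = /^(redirect|next|continue|return|callback|goto|dest|target|url)/i;

function isRedirectParamName(name) {
  return KNOWN_REDIRECT_PARAMS.includes(name) || REDIRECT_PARAM_RE.test(name);
}

// Mimic what the WHATWG URL parser does before it reads the scheme: strip leading
// and trailing C0 controls/spaces and drop tabs and newlines anywhere. This is why
// "java\nscript:alert(1)" still navigates as javascript: in a browser.
function normalizeForNavigation(value) {
  return value
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
}

// Classify a redirect value by what a navigation sink would do with it.
function classifyRedirectValue(rawValue) {
  const v = normalizeForNavigation(rawValue);
  if (/^javascript:/i.test(v)) return 'javascript-scheme';   // XSS if it reaches a sink
  if (/^[\/\\]{2}/.test(v)) return 'protocol-relative';      // open redirect to another host
  if (/^[a-z][a-z0-9+.\-]*:/i.test(v)) return 'absolute';     // off-site unless allowlisted
  if (v.startsWith('/')) return 'path-relative';              // stays on the current origin
  return 'other';
}

// Parse one URL and return every redirect-style parameter with its classification.
// URLSearchParams percent-decodes once, the same as a page reading location.search,
// so %6Aavascript%3A is seen as javascript: here too.
function findRedirectParams(urlString) {
  const url = new URL(urlString);
  const found = [];
  for (const [name, value] of url.searchParams) {
    if (!isRedirectParamName(name)) continue;
    found.push({ url: urlString, name, value, classification: classifyRedirectValue(value) });
  }
  return found;
}

function scanUrls(urls) {
  return urls.flatMap(findRedirectParams);
}

// Constructed sample URLs (not real Acronis endpoints) covering the cases above.
const SAMPLE_URLS = [
  'https://example.test/login?redirect=%2Fdashboard',
  'https://example.test/login?next=javascript:alert(document.domain)',
  'https://example.test/oauth/callback?redirect_uri=//attacker.test/',
  'https://example.test/login?returnTo=java%0Ascript%3Aalert(1)&theme=dark',
  'https://example.test/search?q=xss',
];

for (const f of scanUrls(SAMPLE_URLS)) {
  console.log(`${f.classification.padEnd(18)} ${f.name}=${JSON.stringify(f.value)}`);
}
```

Only `javascript-scheme` hits are XSS candidates; `protocol-relative` and `absolute` values are open-redirect candidates, and `path-relative` values are what a correctly validated parameter should look like. The normalization step matters in practice: a filter that only rejects the literal string `javascript:` misses `java%0Ascript:`, which the browser's URL parser collapses back into the dangerous scheme.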