1 post
We hunted 80 trusted-domain endpoints for unauthenticated open redirects. One is still live in 2026 — twitter.com/logout?redirect_after_logout= — …