Bug Bounty Tip: SecureAuth tests callback URLs before saving SSO configurations. Domain restrictions are validated on the initial URL, but redirects are followed during the test — a classic redirect-based SSRF bypass.
Application: CRM Portal SAML 2.0 · Active
Only URLs from the secureauth.io domain are permitted.
Recent Callback Tests
partner.secureauth.io · 2024-06-01 08:55:01 · HTTP 200
app1.secureauth.io · 2024-06-01 09:14:22 · HTTP 200
Where Bug Hunters Find This
  • SSO/SAML callback URL validators
  • OAuth redirect_uri testers
  • Webhook domain allowlists with redirect following
  • URL shortener resolution
  • CDN origin validation with redirect support
  • Open Graph / oEmbed fetchers with redirect chains
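The fix for the callback tester described at the top is to apply the domain check to every redirect hop before requesting it, not only to the first URL. The sketch below is an added example, not SecureAuth's code. The `fetch` callable, the hop limit, and the sample paths and hosts are assumptions.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_DOMAIN = "secureauth.io"  # allowlisted domain named on the page
MAX_HOPS = 5                      # assumed redirect limit
REDIRECTS = (301, 302, 303, 307, 308)

def host_allowed(url):
    """True only for https URLs on the allowed domain or one of its subdomains."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and (
        host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN))

def check_callback(url, fetch):
    """Validate every hop before requesting it.

    fetch(url) must return (status, location) for ONE request and must not
    follow redirects itself. Returns (ok, reason, hops_fetched).
    """
    hops = []
    for _ in range(MAX_HOPS + 1):
        if not host_allowed(url):
            return False, "blocked: %s is outside the allowlist" % url, hops
        status, location = fetch(url)
        hops.append((url, status))
        if status in REDIRECTS and location:
            url = urljoin(url, location)  # resolve relative Location values
            continue
        return status == 200, "final status %d" % status, hops
    return False, "blocked: too many redirects", hops

# Constructed redirect map standing in for the network (hypothetical paths/hosts).
SAMPLE = {
    "https://app1.secureauth.io/saml/acs": (200, None),
    "https://partner.secureauth.io/cb": (302, "/cb/v2"),
    "https://partner.secureauth.io/cb/v2": (200, None),
    "https://app1.secureauth.io/go": (302, "http://internal.example/"),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, None))

if __name__ == "__main__":
    for start in ("https://partner.secureauth.io/cb", "https://app1.secureauth.io/go"):
        print(start, "->", check_callback(start, sample_fetch))
```

With a real HTTP client, `fetch` is a single request with automatic redirect following disabled (for example `allow_redirects=False` in `requests`). Hostname checks alone do not cover an allowlisted name that resolves to an internal address, so the resolved IP should be validated as well.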