ESPN espn.go.com Open Redirect Security Vulnerabilities

Domain:
http://espn.go.com/

Vulnerability description:
Espn.go.com has a security problem. It is vulnerable to Open Redirect attacks.

Tests were performed on Firefox (33.0) in Ubuntu (14.04) and IE (8.0.7601) in Windows 8. One webpage is used for the following tests. The webpage address is "http://www.diebiyi.com/". Suppose that this webpage is malicious.

(1) Vulnerabilities occur at the ESPN login page.

Vulnerable URL 1:
https://r.espn.go.com/members/login?appRedirect=https%3A%2F%2Fwww.facebook.com%2FAndroidOfficial

POC:
https://r.espn.go.com/members/login?appRedirect=http%3A%2f%2fdiebiyi.com.com

Vulnerable URL 2:
http://streak.espn.go.com/en/login?redirect=https%3A%2F%2Fwww.facebook.com%2Fpages%2Fwwwgooglecom%2F101882723190828

POC:
http://streak.espn.go.com/en/login?redirect=http%3A%2F%2Fdiebiyi.com

(2) Vulnerabilities that can be attacked without user login.

Vulnerable URL 1:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=https%3A%2F%2Ftwitter.com%2FAdcash%2Fstatus%2Febay%2F539770783556698112

POC:
http://m.espn.go.com/wireless/mw/util/redirectKeepParams?w=1dpoa&url=http%3A%2F%2Ftetraph.com?

This vulnerability was used to demonstrate "Covert Redirect" of Facebook.

POC Video:
https://www.youtube.com/watch?v=HUE8VbbwUms

Blog Detail:
http://www.tetraph.com/blog/covert-redirect/covert-redirect-vulnerability-related-to-oauth-2-0-and-openid/

During the tests, besides the links given above, a large number of ESPN's links were found to be vulnerable to Open Redirect attacks.

POC Video:
https://www.youtube.com/watch?v=lCvBt8Elj9w&feature=youtu.be

Blog Detail:
http://securityrelated.blogspot.sg/2014/12/espn-espn.html

Reported by:
Wang Jing, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore.
http://www.tetraph.com/wangjing/
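
A server-side check that would refuse the redirect targets shown in the POC links above, as an added example that is not part of the original advisory and is not ESPN's code. The function names, the single-domain policy and the "/" fallback are assumptions; the parameter names are the ones that appear in the advisory's URLs.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_DOMAIN = "espn.go.com"   # assumption: only the site's own domain is a valid target
REDIRECT_PARAMS = ("appRedirect", "redirect", "url")  # parameter names from the advisory
FALLBACK = "/"                   # assumption: safe default landing page


def is_safe_target(target: str) -> bool:
    """Accept only same-site paths or http(s) URLs on ALLOWED_DOMAIN."""
    # Browsers treat '\' like '/', and control characters or spaces are
    # silently dropped by some parsers, so refuse them outright.
    if not target or any(c in target for c in "\\ \r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:           # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: a single leading '/' stays on this origin;
        # '//host' and '///host' can be resolved as another host.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return False             # no javascript:/data: and no userinfo tricks
    host = (parts.hostname or "").lower().rstrip(".")
    # Compare on a label boundary so "espn.go.com.example" does not match.
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)


def redirect_location(request_url: str) -> str:
    """Return the Location value a handler should send for request_url."""
    query = parse_qs(urlsplit(request_url).query)
    for name in REDIRECT_PARAMS:
        values = query.get(name)
        if values is None:
            continue
        # A repeated parameter is ambiguous between components; reject it.
        if len(values) == 1 and is_safe_target(values[0]):
            return values[0]
        return FALLBACK
    return FALLBACK
```

Under this policy the facebook.com and twitter.com destinations in the advisory's "Vulnerable URL" links are refused as well; if such external destinations are intended, they would need their own exact-host allowlist entries.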