Open redirect Vulnerability

nave1n0x
1 min readJan 27, 2020

--

Summary:

There is an Open Redirect on https://redacted.com/exit.php?url= due to the application not checking the value passed by the user to the “url” parameter.

Description:

Unchecked redirects occur when an application redirects to a destination controlled by attackers. This often occurs in functionality returning users to a previous page, e.g. after authenticating.

An attacker can control the value of the “url” parameter and make it redirect to a malicious endpoint.

https://redacted.com/exit.php?url=

Steps To Reproduce:

Here is a proof of concept to demonstrate how an open redirect occurs. Please note that this particular example is not a vulnerability and just here for demonstration purposes.

PoC: https://redacted.com/exit.php?url=aHR0cHM6Ly93d3cuaW5mb3NlYy5jb20uYnI=

The URL looks like it should go to https://redacted.com, but you are redirected to https://www.infosec.com.br

Supporting Material/References:

Mitigation:

When possible, do not allow user input to directly control redirect destinations; rather, generate them on the server side (e.g. via ID -> URL mapping). When this is not an option, a strict whitelist is highly recommended. Finally, a last-ditch mitigation can be performed by removing protocol specifiers from user input prior to redirection. This last method will not fix intra-site redirect exploits, but can prevent redirects to an attacker-controlled website.

Reference:

https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet

Impact

Attackers may be able to use this to execute believable phishing attacks, bypass authentication, or (in rare circumstances) violate CSRF mitigations

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

--

--

nave1n0x
nave1n0x

Written by nave1n0x

Web2 & Web3 Security Researcher, Blockchain Enthusiast, Pentester, Solidity Smart Contract Auditor, My Twitter https://twitter.com/nave1n0x

No responses yet

Write a response