Holaaa amigos, today I will show you how to easily check for an open redirect vulnerability. Let's directly jump into the main stuff.
An Open Redirect is a security flaw in a website that lets attackers change the destination of a link. Instead of taking a user to the intended page, the redirect sends them to a site the attacker controls. Because the link starts on a trusted domain, this can be used to steal information or spread malware.
1. Attackers can redirect users to malicious websites.
2. Loss of user trust in the company.
3. Attackers can spread malware by exploiting this vulnerability.
1. Go to the target website you are hunting on.
2. Check the main functions of the website, like account creation, login, password reset, etc., and concentrate on the URL while exercising those functions.
3. If you come across a URL with a parameter (e.g. https://google.com/test?param=), you can test it by adding https://evil.com after the = symbol.
IF THE WEBSITE TAKES YOU TO https://evil.com THEN THERE IS AN OPEN REDIRECT VULNERABILITY.
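What the server side of this bug looks like, as an added example (it is not code from the post or from the target application): a naive "starts with a slash, so it must be local" check that a parameter such as ReturnUrl typically gets, beside a hardened check that only accepts same-site paths. The host name is taken from the post's example; everything else (function names, the rules, the sample inputs) is constructed here. The hardened check deliberately rejects the protocol-relative forms `//evil.com`, `///evil.com` and `/\evil.com`, which browsers resolve to an external host even though they "start with /".

```python
"""Return-URL validation: a naive check beside a hardened same-site check.

Added example; not the post's code. Assumes the validator receives the
already URL-decoded value of the ReturnUrl parameter.
"""
from urllib.parse import urlsplit, urljoin

# Host from the post's example; used only to build the final redirect target.
SITE_HOST = "preview-developer.redacted.com"


def naive_is_safe(return_url: str) -> bool:
    """Common but broken check.

    It accepts protocol-relative URLs such as //evil.com, which browsers
    treat as https://evil.com when following the Location header.
    """
    return return_url.startswith("/")


def hardened_is_safe(return_url: str) -> bool:
    """Accept only a path on this site.

    Rules:
      * non-empty and starts with exactly one '/'
      * not '//...' or '/\\...' (protocol-relative; '///evil.com' also
        resolves to evil.com in browsers, and urlsplit alone misses it)
      * no backslashes or control characters anywhere
      * after parsing, no scheme and no host
    """
    if not return_url or not return_url.startswith("/"):
        return False
    if return_url.startswith("//") or return_url.startswith("/\\"):
        return False
    if "\\" in return_url or any(ord(c) < 0x20 for c in return_url):
        return False
    parts = urlsplit(return_url)
    if parts.scheme or parts.netloc:
        return False
    return True


def resolve_redirect(return_url: str, default: str = "/") -> str:
    """Where a login handler should send the user after authentication:
    the validated return URL, or the default landing page when the value
    fails validation (never the attacker-supplied value)."""
    base = f"https://{SITE_HOST}/"
    if hardened_is_safe(return_url):
        return urljoin(base, return_url)
    return urljoin(base, default)


if __name__ == "__main__":
    # Constructed inputs: the post's payload plus the usual bypass shapes.
    for candidate in ["/Identity/Account/Manage", "https://evil.com",
                      "//evil.com", "///evil.com", "/\\evil.com"]:
        print(f"{candidate!r:28} naive={naive_is_safe(candidate)!s:5} "
              f"hardened={hardened_is_safe(candidate)!s:5} "
              f"-> {resolve_redirect(candidate)}")
```

The design point is that the decision is made on the parsed structure of the value, not on a prefix match, and that the fallback on failure is a fixed local page. Frameworks usually ship an equivalent helper (ASP.NET Core's `Url.IsLocalUrl`, for instance); the value of writing it out is seeing exactly which inputs the prefix check lets through.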
I found this vulnerability on the login page of a target, and the URL was this:
https://preview-developer.redacted.com/Identity/Account/Login?ReturnUrl=
I added the payload https://evil.com, and the new URL looked like this:
https://preview-developer.redacted.com/Identity/Account/Login?ReturnUrl=https://evil.com
Boom, I was taken to https://evil.com. You can use any other URL instead of https://evil.com; you will be redirected to whatever website you put in the parameter.
Always try to find this on sensitive endpoints like login, signup and password reset; that makes the issue more critical.
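For the defending side, the same sensitive endpoints are where this is worth watching in logs. The following is an added example, not from the post: it scans constructed access-log lines in Common Log Format for requests to redirect-style parameters whose decoded value points to a host other than the site's own. The host name is the one from the post's example; the parameter names, log lines and function names are assumptions made for this example.

```python
"""Flag requests whose redirect parameter points off-site.

Added example; not the post's code. The log lines below are constructed
and use the host from the post's example.
"""
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "preview-developer.redacted.com"  # host from the post's example
# Parameter names commonly used for post-login redirects (assumption).
REDIRECT_PARAMS = {"returnurl", "redirect", "next", "url"}

# Minimal Common Log Format: client IP, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample: one benign ReturnUrl, two off-site ones, one same-host
# absolute URL, and an unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /Identity/Account/Login?ReturnUrl=%2FIdentity%2FAccount%2FManage HTTP/1.1" 200 1234
203.0.113.11 - - [01/Jan/2025:10:00:05 +0000] "GET /Identity/Account/Login?ReturnUrl=https%3A%2F%2Fevil.com HTTP/1.1" 302 0
203.0.113.12 - - [01/Jan/2025:10:00:07 +0000] "GET /Identity/Account/Login?ReturnUrl=%2F%2Fevil.com%2Fphish HTTP/1.1" 302 0
203.0.113.13 - - [01/Jan/2025:10:00:09 +0000] "GET /Identity/Account/Login?ReturnUrl=https%3A%2F%2Fpreview-developer.redacted.com%2Fhome HTTP/1.1" 302 0
203.0.113.14 - - [01/Jan/2025:10:00:11 +0000] "GET /static/app.js HTTP/1.1" 200 5000
"""


def redirect_target_is_offsite(value: str, site_host: str = SITE_HOST) -> bool:
    """True when a decoded redirect value would leave site_host.

    Backslashes are normalised to slashes and runs of leading slashes are
    collapsed to '//' because browsers resolve '/\\evil.com' and
    '///evil.com' to evil.com.
    """
    v = value.strip().replace("\\", "/")
    if v.startswith("//"):
        v = "//" + v.lstrip("/")
    parts = urlsplit(v)
    if parts.netloc:
        return parts.hostname != site_host
    # A scheme with no host (javascript:, data:) is not a local path either.
    return bool(parts.scheme)


def find_offsite_redirects(log_text: str, site_host: str = SITE_HOST):
    """Return (client_ip, path, decoded_value) for each off-site redirect value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        query = parse_qs(target.query, keep_blank_values=True)  # percent-decodes
        for name, values in query.items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:
                if redirect_target_is_offsite(value, site_host):
                    hits.append((m.group("ip"), target.path, value))
    return hits


if __name__ == "__main__":
    for ip, path, value in find_offsite_redirects(SAMPLE_LOG):
        print(f"{ip} {path} ReturnUrl -> {value}")
```

A hit on its own is only an attempt; pairing it with a 302 whose Location header contains the same external host (if the proxy logs response headers) is what confirms the server actually followed the value, and the same parsing logic can then gate an alert on the login, signup and password-reset paths named above.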
I hope you got an idea of how open redirect works and how to find it in real-world applications. Thanksss for reading...