.png)
3 weeks ago
23 BOOK THIS SPACE FOR AD
ARTICLE ADFirst, I’m Kerolos Ayman, Bug Bounty Hunter, Junior Penetration Tester and CTF player.
Today, I will talk about Open Redirect vulnerability
Assume that our target called example.com
I was browsing the website to know what is about and the functions to know what will I test on and making Burp Suite open in the background do its job.
I found a registration and login page when I come to register it has OAuth which is Open Authentication (OAuth is essentially a way for users to grant scope-specific access tokens to service providers through an identity provider such as Google, Facebook, etc…) I registered and made an account.
I returned to burp and found the request of registration that contains redirect-uri (redirect-uri is one of the keywords that if you found them then test an Open Redirect Vulnerability), so I sent the request to Repeater.
I tested it with google.com (redirect-uri=https://www.google.com) and it gave me 200 OK
Then I tested with Burp Collaborator as a POC to show them the vulnerability
Bengali (Bangladesh) · 
English (United States) ·