Open Redirect Bug Bounty


What is an Open Redirect?

An open redirect vulnerability occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.

Attackers exploit open redirects to add credibility to their phishing attacks. Most users see the legitimate, trusted domain, but do not notice the redirection to the phishing site.

Although this vulnerability doesn’t always directly impact the legitimate application, the company’s reputation can be negatively impacted. In addition, although open redirects may not seem to have a high impact on the organization itself, it’s important to avoid damaging the trust users have in the business. It’s worth noting that an open redirect in your own site may very well be used against your own employees!

First, after doing the usual checking of services, ports and their links, I used the tool “waybackurls” and searched for “url=”

waybackurls Target.com | grep "url="

The link was https://Target.com/url=api.target.com

The strange thing is that when you put in the link after deleting their link, the conversion is not done permanently, but when you modify the link to Target.com/http://attacker.com, it goes to the attacker’s page.
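A server-side check for the redirect target, as an added example (not code from the original article or from the affected application). It assumes an allowlist of target.com and api.target.com, the host names used above; the function name `safe_redirect_target` and the fallback path `/` are hypothetical. The application would pass it whatever it extracted from `url=` or from the path after the first slash.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: the host names that appear in the article.
ALLOWED_HOSTS = {"target.com", "api.target.com"}
FALLBACK = "/"  # hypothetical safe landing page used when a target is rejected


def safe_redirect_target(raw: str) -> str:
    """Return raw if it is a safe redirect target, otherwise FALLBACK."""
    # Browsers drop control characters and treat "\" like "/", so values such
    # as "/\attacker.com" or "/\t/attacker.com" can leave the site.
    if not raw or any(ord(c) < 0x21 or c == "\\" for c in raw):
        return FALLBACK
    try:
        parts = urlsplit(raw)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash local path.
        # A bare host name such as "api.target.com" is rejected here too;
        # callers should send a full https:// URL or a local path.
        return raw if raw.startswith("/") and not raw.startswith("//") else FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK  # javascript:, data:, scheme-relative //host, ...
    # .hostname drops userinfo and port, so "target.com@attacker.com"
    # is compared as "attacker.com"; the match is exact, never a substring.
    host = (parts.hostname or "").lower()
    return raw if host in ALLOWED_HOSTS else FALLBACK


if __name__ == "__main__":
    # Constructed sample inputs, including the value from the finding above.
    for candidate in (
        "http://attacker.com",
        "https://api.target.com/v1/status",
        "//attacker.com/login",
        "https://target.com@attacker.com/",
        "https://target.com.attacker.com/",
        "/account/settings",
    ):
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
```
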

Access Control

The user may be redirected to an untrusted page that contains malware which may then compromise the user’s machine. This will expose the user to extensive risk and the user’s interaction with the web server may also be compromised if the malware conducts keylogging or other attacks that steal credentials, personally identifiable information (PII), or other important data.

Access Control, Confidentiality, Other

The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker-controlled web page that appears to be a trusted web site. The phishers may then steal the user’s credentials and then use these credentials to access the legitimate web site.
