I hope you all are having a good day. Raja Singh here, a security researcher passionate about making the web safer. Today I want to share my experience discovering an open redirect vulnerability on an Indian government website; I'll be using "redact" in place of the real name.
An open redirect vulnerability lets an attacker abuse a website's own redirection mechanism: a link that genuinely points at the trusted site forwards the victim to a destination the attacker chose. Because the first hop really is the legitimate domain, such links are a convenient vehicle for phishing pages that steal personal information or for sites that push malware onto the visitor's device.
The Hunt Begins
My investigation started with the Redact.com website, a crucial resource for citizens of Bhopal. Using Burp Suite, a popular web security testing tool, I captured all of the website's requests and responses. I then extracted the HTTP URLs and saved them in a text file named "open_redirect.txt".
OpenRedireX to the Rescue
To identify potential open redirects efficiently, I leveraged a fantastic tool called OpenRedireX. This tool automates the process of testing URLs for redirection behavior. Here’s the command I used:
cat list_of_urls.txt | openredirex -p open_redirect.txt -k "FUZZ" -c 50
This command feeds the URLs in "list_of_urls.txt" to OpenRedireX on standard input. The "-p" flag names the payload file (here "open_redirect.txt"), the list of redirect targets the tool will try, typically an attacker-controlled host such as an out-of-band callback domain. The "-k" flag sets the keyword that must appear in each URL where the redirect parameter's value goes; the tool replaces it with every payload in turn. The "-c" flag is the concurrency, the number of requests kept in flight at once (50 here). OpenRedireX then reports the URLs whose responses redirect the browser to the injected payload.
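To make the tool's behaviour concrete, here is an offline model of what the command does: the keyword substitution that produces one request per URL and payload, and the judgement applied to each response. This is an added illustration written for this page, not OpenRedireX's own code; the hostnames (portal.example, attacker.example), the payload list and the canned responses are all constructed, and the example goes slightly beyond the post by treating a scheme-less Location value as a relative path, which is what browsers do.

```python
"""Offline model of what the OpenRedireX command above does: substitute each
payload for the FUZZ keyword in every URL, then judge each response by where
its Location header would actually send a browser.  Added illustration, not
OpenRedireX's own code; hostnames, payloads and responses are constructed."""
from urllib.parse import urlsplit

# Assumed placeholder hosts (not real systems): the site under test and an
# attacker-controlled callback domain of the kind interactsh hands out.
SITE_HOST = "portal.example"
ATTACKER_HOST = "attacker.example"

# Constructed URL list: FUZZ marks where the payload goes (the -k keyword).
URLS_WITH_FUZZ = [
    f"https://{SITE_HOST}/sap/public/bc/icf/logoff?redirecturl=FUZZ",
    f"https://{SITE_HOST}/login?next=FUZZ",
]

# Constructed payload file (the -p argument): forms a redirect target can take.
PAYLOADS = [
    ATTACKER_HOST,                           # bare host, as in the post's finding
    f"https://{ATTACKER_HOST}",              # absolute URL
    f"//{ATTACKER_HOST}",                    # scheme-relative
    f"/\\{ATTACKER_HOST}",                   # backslash variant browsers normalise to //
    f"https://{SITE_HOST}.{ATTACKER_HOST}",  # defeats startswith() checks
]

# Constructed responses standing in for what Burp or the tool would observe,
# as (status, Location).  Requests not listed here are treated as a 200 with
# no Location header.
CANNED_RESPONSES = {
    f"https://{SITE_HOST}/sap/public/bc/icf/logoff?redirecturl=https://{ATTACKER_HOST}":
        (302, f"https://{ATTACKER_HOST}"),
    f"https://{SITE_HOST}/sap/public/bc/icf/logoff?redirecturl={ATTACKER_HOST}":
        (302, ATTACKER_HOST),                # reflected without a scheme
    f"https://{SITE_HOST}/login?next=//{ATTACKER_HOST}":
        (302, f"//{ATTACKER_HOST}"),
    f"https://{SITE_HOST}/login?next=https://{ATTACKER_HOST}":
        (302, "/"),                          # parameter ignored: safe
}


def build_candidates(urls, payloads, keyword="FUZZ"):
    """Equivalent of the -k substitution: one request per (URL, payload) pair."""
    return [(url.replace(keyword, payload), payload)
            for url in urls if keyword in url
            for payload in payloads]


def location_host(location):
    """Host a browser would end up on for a Location value, or None when the
    value is a relative path and the browser stays on the issuing origin."""
    normalised = location.strip().replace("\\", "/")  # browsers treat \ as / here
    parts = urlsplit(normalised)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return None                          # javascript:, data: etc. are not HTTP redirects
    return parts.hostname.lower() if parts.hostname else None


def is_open_redirect(status, location, attacker_host=ATTACKER_HOST):
    """True only for a 3xx whose Location lands on the attacker-controlled host."""
    if not (300 <= status < 400) or not location:
        return False
    host = location_host(location)
    return host is not None and (host == attacker_host or host.endswith("." + attacker_host))


def scan(urls=URLS_WITH_FUZZ, payloads=PAYLOADS, responses=CANNED_RESPONSES):
    """Return the (request URL, payload) pairs that produced a real open redirect."""
    hits = []
    for request_url, payload in build_candidates(urls, payloads):
        status, location = responses.get(request_url, (200, None))
        if is_open_redirect(status, location):
            hits.append((request_url, payload))
    return hits


if __name__ == "__main__":
    for request_url, payload in scan():
        print(f"open redirect: {request_url}  (payload {payload!r})")
```

Two of the ten candidates are flagged: the logoff endpoint with an absolute attacker URL and the login endpoint with a scheme-relative one. The bare-host payload is not counted even though the server reflects it, because a Location of "attacker.example" without a scheme resolves to a path on the same origin; that is exactly the case worth re-checking by hand in Burp before writing a report.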
The Vulnerable URL
After the scan completed, I eagerly reviewed the results. And there it was! OpenRedireX flagged a specific URL within the redact.com website susceptible to open redirects:
https://redact.redact.gov.in/sap/public/bc/icf/logoff?redirecturl=uhjkmblyzrcegempcbqg09yectsxgzken.oast.fun
This URL is part of the SAP Internet Communication Framework logoff functionality (the /sap/public/bc/icf/logoff handler). The "redirecturl" parameter tells the server where to send the browser once the session has ended, and the server honours whatever value it receives. An attacker who hands a victim a logout link carrying a malicious "redirecturl" can land them, right after a legitimate-looking logout, on a cleverly disguised phishing page that imitates the login form and harvests their credentials or other sensitive information. Before reporting such a finding it is worth confirming the behaviour in Burp: the response should be a 3xx whose Location header resolves to the external host, because a value reflected without a scheme is interpreted by browsers as a relative path on the same origin rather than as a redirect off-site.
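The handler's behaviour and its fix, as an added example that is not SAP code or the affected site's code: a function that models the vulnerable logoff (the parameter value becomes the Location header unchanged), a prefix-check "fix" of the kind often applied first, and a hardened version that only accepts same-host https URLs or plain local paths. The hostnames and the bypass attempts are constructed; the example also covers the backslash, subdomain and userinfo tricks that defeat prefix checks, which the post does not discuss.

```python
"""The logoff handler as the post describes it, a naive fix that is still
bypassable, and a hardened version.  Added example for illustration, not SAP
code or the affected site's code; the hostnames are assumed placeholders."""
from urllib.parse import urlsplit, urlunsplit

SITE_HOST = "portal.example"                 # assumed hostname of the application
DEFAULT_AFTER_LOGOFF = f"https://{SITE_HOST}/"


def logoff_vulnerable(redirecturl):
    """Behaviour described above: the parameter value becomes the Location header as-is."""
    return redirecturl


def logoff_naive(redirecturl):
    """Common but insufficient fix: accept anything that looks local by prefix."""
    if redirecturl.startswith(f"https://{SITE_HOST}") or redirecturl.startswith("/"):
        return redirecturl
    return DEFAULT_AFTER_LOGOFF


def logoff_safe(redirecturl):
    """Accept only https URLs whose host is exactly SITE_HOST, or local paths with a
    single leading slash; rebuild the URL so nothing unexpected survives."""
    candidate = redirecturl.strip().replace("\\", "/")   # browsers read \ as / in http(s) URLs
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative (//host): exact host match, https only.
        if parts.scheme != "https" or (parts.hostname or "").lower() != SITE_HOST:
            return DEFAULT_AFTER_LOGOFF
        return urlunsplit(("https", SITE_HOST, parts.path or "/", parts.query, ""))
    # No scheme and no authority: must be a local absolute path, not a bare host.
    if not candidate.startswith("/"):
        return DEFAULT_AFTER_LOGOFF
    return urlunsplit(("https", SITE_HOST, parts.path, parts.query, ""))


# Constructed bypass attempts an attacker would try against each handler.
BYPASS_ATTEMPTS = [
    "https://attacker.example",                  # plain external URL
    "//attacker.example",                        # scheme-relative, inherits https:
    "/\\attacker.example",                       # backslash form of the same
    f"https://{SITE_HOST}.attacker.example",     # prefix-match bypass via subdomain
    f"https://{SITE_HOST}@attacker.example",     # prefix-match bypass via userinfo
]


def escapes(handler, redirecturl):
    """True when the handler's Location would take the browser off SITE_HOST."""
    host = urlsplit(handler(redirecturl).replace("\\", "/")).hostname
    return host is not None and host.lower() != SITE_HOST


def count_escapes(handler, attempts=BYPASS_ATTEMPTS):
    """Number of attempts that leave the site for a given handler."""
    return sum(escapes(handler, a) for a in attempts)


if __name__ == "__main__":
    for handler in (logoff_vulnerable, logoff_naive, logoff_safe):
        print(f"{handler.__name__}: {count_escapes(handler)}/{len(BYPASS_ATTEMPTS)} attempts escape")
```

All five attempts escape the vulnerable handler, four of the five still escape the prefix check (only the plain external URL is stopped), and none escape the hardened one, which falls back to the default landing page for anything it cannot rebuild as a same-host https URL.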
Responsible Disclosure
Having discovered the vulnerability, I prioritized responsible disclosure. My goal was to work with the government site to address the issue without causing public panic. I reached out to the appropriate authorities at NCIIPC (https://nciipc.gov.in), clearly explaining the vulnerability and its potential consequences.