Open Redirect Vulnerability
Open Redirect is a vulnerability in which the attacker manipulates a web page to redirect the users to unknown destinations.
An open redirect occours in the url through parameter value that can be tampered and set to attackers website .
Example :
https://google.com/r/?url=https://bing.com
But why we need use of the redirection ??
As it tends out of a web application of in requires these redirections in all over the place .
1.LOGIN
2.REGISTER
3.CHECK OUT
4.CREATE
5.PASSWORD RESET
Types of Open Redirect :
- Reflected : The redirection is based on a parameter value set through the URL.
2. Stored : The redirection function or a script is stored on the web application through attackers input . If all the users visited that website it will redirect to the attacker’s web page .
3. Dom : It occurs when the application takes input and places it in a sink that redirects the user.
How to find for open redirects
We can Use Google dorks and search for URLs that contains common redirection parameters.
RESOURCES :
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Open%20Redirect
DORKS :
/{payload}
?next=
?url=
?target=
?rurl=
?dest=
?destination=
?redir=
redirect_uri=
?redirect_url=
?redirect=
/redirect/
cgi-bin/redirect.cgi?{}
/out/
/out?
?view=
/login?to=
?image_url=
?go=
?return=
?returnTo=
?return_to=
?checkout_url=
Common parameters :
redirect, uri, path, continue, url, window, to, out, view, dir, show, navigation, Open, url, file, val, validate, domain, callback, return, page, feed, host, port, next, data, reference, site, htmlARAMETERS :
I would like to thank you for your attention :)
I wish everybody good luck in their future findings! :)
Happy Hacking :)