How to exploit for open redirect vulnerability ?
This is a class of vulnerabilities, and the vulnerable code can have many implementations in various frameworks, programming languages, and web applications.
You might find these by using fuzzing or encoding techniques, which can bypass input validation schemes. These filters will probably vary quite a bit for each target.
Here are some quick, helpful resources to get you started finding these types of vulnerabilities:
- MITRE Definition: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
- OWASP: Unvalidated Redirects and Forwards Cheat Sheet
- JackkTutorials on YouTube: How to find website vulnerabilities with Uniscan
- Ivan Novikov, ONsec: SSRF attacks and sockets: smorgasbord of vulnerabilities
If I may ask, does the recent Mirai issue raise your interest in this class of vulnerabilities?
1 Like
use my tool, works like a charm
https://github.com/ak1t4/open-redirect-scanner
w00t w00t! happy hacking!
regards,
1 Like
Thanks but I can now exploit it manually do not need any tools 
your welcome! 
open redirection vuln …I can not make redirection need some help
Data is read from document.location.pathname and passed to the ‘open()’ function of an XMLHttpRequest object via the following statements:
url=document.location.pathname;
url=url.substr(0,trimPosition);
xhr.open(method.toUpperCase(),url,this.options.async,this.options.user,this.options.password);
POST /partners/ HTTP/1.1
Host:xxxxx
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: xxxxx
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
NginxWeb ServerGoogle AnalyticsAnalyticsMooToolsJavaScript Frameworkspin.jsJavaScript FrameworkJavascript Graphics
1 Like
tell me steps except of ?url=example.com to find open redirection