Open Redirect Vulnerability


#1

How to exploit for open redirect vulnerability ?


#2

This is a class of vulnerabilities, and the vulnerable code can have many implementations in various frameworks, programming languages, and web applications.

You might find these by using fuzzing or encoding techniques, which can bypass input validation schemes. These filters will probably vary quite a bit for each target.

Here are some quick, helpful resources to get you started finding these types of vulnerabilities:

If I may ask, does the recent Mirai issue raise your interest in this class of vulnerabilities?


#3

use my tool, works like a charm

w00t w00t! happy hacking!
regards,

@ak1t4


#4

Thanks but I can now exploit it manually do not need any tools :slight_smile:


#5

your welcome! :sunglasses:


#6

open redirection vuln …I can not make redirection need some help
Data is read from document.location.pathname and passed to the ‘open()’ function of an XMLHttpRequest object via the following statements:
url=document.location.pathname;
url=url.substr(0,trimPosition);
xhr.open(method.toUpperCase(),url,this.options.async,this.options.user,this.options.password);

POST /partners/ HTTP/1.1
Host:xxxxx
Accept: /
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: xxxxx
Content-Type: application/x-www-form-urlencoded
Content-Length: 25

NginxWeb ServerGoogle AnalyticsAnalyticsMooToolsJavaScript Frameworkspin.jsJavaScript FrameworkJavascript Graphics


#7

tell me steps except of ?url=example.com to find open redirection