How to exploit for open redirect vulnerability ?
This is a class of vulnerabilities, and the vulnerable code can have many implementations in various frameworks, programming languages, and web applications.
You might find these by using fuzzing or encoding techniques, which can bypass input validation schemes. These filters will probably vary quite a bit for each target.
Here are some quick, helpful resources to get you started finding these types of vulnerabilities:
- MITRE Definition: CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)
- OWASP: Unvalidated Redirects and Forwards Cheat Sheet
- JackkTutorials on YouTube: How to find website vulnerabilities with Uniscan
- Ivan Novikov, ONsec: SSRF attacks and sockets: smorgasbord of vulnerabilities
If I may ask, does the recent Mirai issue raise your interest in this class of vulnerabilities?
Thanks but I can now exploit it manually do not need any tools
open redirection vuln …I can not make redirection need some help
Data is read from document.location.pathname and passed to the ‘open()’ function of an XMLHttpRequest object via the following statements:
POST /partners/ HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)