Open Redirection


#1

Hello all,
Please help me in clearing my concept of Open Redirection.
On signing in, the page was redirecting to its main domain. I tried subdomains and found that it has whitelisted anything with *.domain.com, e.g. google.domain.com will redirect to it, but when I redirected to google.com it was giving a 404 Not Found error.
Is it possible to make the website redirect to anything.domain.com for stealing tokens?


#2

Hi Sajid_Ali,

Were you able to make the application redirect to google.com? Which application gave you the 404 error, Google or the application you were testing?
To steal tokens you need an application that sends the token in the URL, and if the redirection is only to *.domain.com you need a vulnerable subdomain where you can inject JavaScript or which you control.

Best.
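The difference between the two posts comes down to how the redirect target is validated. Below is an added example (not code from either poster or from the application discussed) contrasting the wildcard `*.domain.com` check described in the thread with an exact-host allowlist; the hosts in `ALLOWED_HOSTS` are assumed values, not from the thread.

```python
from urllib.parse import urlsplit

# Constructed allowlist of exact hosts the application may redirect to (assumed).
ALLOWED_HOSTS = {"app.domain.com", "login.domain.com"}


def wildcard_allows(target: str) -> bool:
    """The loose check the thread describes: anything under *.domain.com passes.

    Every subdomain, including one with XSS or one that can be taken over,
    is an acceptable target, which is what makes token-in-URL flows risky.
    """
    host = urlsplit(target).hostname or ""
    return host == "domain.com" or host.endswith(".domain.com")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target only if it is a same-site path or an exact allowlisted host.

    Anything else (other schemes, protocol-relative URLs, userinfo tricks,
    unlisted subdomains) falls back to the default landing page.
    """
    # Backslashes and control characters are normalised differently by
    # browsers and URL parsers; refuse them instead of guessing.
    if any(c in target for c in "\\\r\n\t") or target.startswith("//"):
        return default
    parts = urlsplit(target)
    # Relative path on this site: no scheme and no authority component.
    if not parts.scheme and not parts.netloc:
        return target if target.startswith("/") else default
    if parts.scheme not in ("http", "https"):
        return default
    # Compare the whole authority, so "app.domain.com@evil.example" or an
    # unexpected port never matches an allowlisted host.
    if parts.netloc.lower() not in ALLOWED_HOSTS:
        return default
    return target
```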