Open Redirection

Hello all,
Please help me in clearing my concept over Open Redirection.
By signing in, the page was redirecting to its main domain. I tried subdomains and found that it has whitelisted anything with *, e.g. will redirect to it, but when I redirect to it was giving a 404 not found error.
Is it possible to make a website for stealing tokens?

Hi Sajid_Ali,

Were you able to make the application redirect to Which application gave you the 404 error, Google or the application you were testing?
For stealing tokens you need an application that sends the token in the URL, and if the redirection is only to * you need a vulnerable subdomain that you can inject JavaScript into or control.


1 Like
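The reply's point, that a `*` whitelist puts every subdomain inside the trust boundary, shows up when a wildcard check is compared with an exact-host check on the redirect parameter. This is an added example, not part of the original posts; `example.com`, the host list and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical hosts for illustration; the thread does not name the real ones.
ALLOWED_HOSTS = {"example.com", "accounts.example.com"}
WILDCARD_SUFFIX = ".example.com"
DEFAULT_TARGET = "/"


def wildcard_allows(url: str) -> bool:
    """Weak policy described in the thread: any subdomain of the main domain passes."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return False
    return host == "example.com" or host.endswith(WILDCARD_SUFFIX)


def strict_allows(url: str) -> bool:
    """Exact-host policy: https only, no userinfo, host listed explicitly."""
    # Browsers treat backslashes, spaces and control characters differently
    # from urlsplit, so refuse them outright instead of normalising.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Same-site relative path; "//host" is protocol-relative and has a netloc.
        return url.startswith("/")
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False
    return parts.hostname in ALLOWED_HOSTS


def safe_redirect_target(url: str) -> str:
    """Return the requested target if it passes the strict policy, else a fixed default."""
    return url if strict_allows(url) else DEFAULT_TARGET
```

With the strict policy, a forgotten or takeover-prone subdomain is no longer an accepted redirect target just because it shares the parent domain.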