Open redirect vulnerability | Information security | DROP.ORG.IN
I am Ashfaq Pinjari. I am a cyber security analyst, penetration tester, information security analyst, cyber security engineer, and bug bounty hunter.
Today I am going to share my experience with the open redirect vulnerability and how you can find it in less than a minute.
What is open redirect vulnerability?
Open Redirect (also known as “Unvalidated Redirects and Forwards”) is one of the most common vulnerabilities, and one that web developers largely overlook. It occurs when the application takes a destination URL from a request parameter (for example next=, url= or redirect=) and sends the browser there without checking that the destination belongs to the site. … When an Open Redirect is used in a phishing attack, the victim receives an email that looks legitimate, with a link that points to the correct and expected domain; the site then forwards the victim to the attacker’s page.
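To make the definition concrete, here is an added example (not code from the original post) showing the bug beside its fix. The redirect handler is reduced to the one decision that matters: what goes into the Location header. SITE_HOST and the payload strings are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed example (not from the original post): the host the application is
# served from. The hardened version only accepts redirect targets that stay here.
SITE_HOST = "testphp.vulnweb.com"


def vulnerable_redirect_target(next_param: str) -> str:
    """The bug: whatever arrives in ?next= becomes the Location header verbatim."""
    return next_param


def is_safe_redirect(target: str) -> bool:
    """Accept only same-site targets.

    Allowed: an absolute path such as '/account?tab=1', or an https URL whose
    hostname is exactly SITE_HOST. Rejected: everything browsers would send to
    another host, including '//evil.com' and '///evil.com' (network-path
    references), '/\\evil.com' (backslash is treated as a slash),
    'https://SITE_HOST@evil.com' (userinfo trick) and non-http schemes.
    """
    # Browsers drop tab/newline anywhere and strip leading/trailing whitespace
    # before parsing; do the same so '\t//evil.com' is not mistaken for a path.
    cleaned = "".join(c for c in target if c not in "\t\r\n").strip()
    if not cleaned or any(ord(c) < 0x20 for c in cleaned):
        return False
    # Backslashes are slashes to a browser in the authority part.
    normalized = cleaned.replace("\\", "/")
    parts = urlsplit(normalized)
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be a single-slash absolute path on this site.
        # urlsplit() reports no netloc for '///evil.com', but a browser resolves
        # it to http://evil.com/, so anything starting with '//' is rejected.
        return normalized.startswith("/") and not normalized.startswith("//")
    # .hostname drops userinfo and port and lowercases, so
    # 'https://testphp.vulnweb.com@evil.com' yields 'evil.com' here.
    return parts.scheme == "https" and parts.hostname == SITE_HOST


def safe_redirect_target(next_param: str, fallback: str = "/") -> str:
    """The fix: fall back to a known-good page when the target is not same-site."""
    return next_param if is_safe_redirect(next_param) else fallback


if __name__ == "__main__":
    # Constructed payloads, the kind a tester would feed into ?next=.
    for candidate in [
        "/account?tab=1",
        "https://testphp.vulnweb.com/login",
        "https://evil.com",
        "//evil.com",
        "///evil.com",
        "/\\evil.com",
        "https://testphp.vulnweb.com@evil.com",
        "javascript:alert(1)",
    ]:
        print(f"{candidate!r:45} vulnerable -> {vulnerable_redirect_target(candidate)!r:45} "
              f"fixed -> {safe_redirect_target(candidate)!r}")
```

The point of the allow-list is that it is defined in terms of what a browser does with the string, not what a regex sees in it: the checks for leading slashes, backslashes and the userinfo separator exist because each of them changes the host the browser will actually contact.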
How can you find this vulnerability?
Use the following command:
waybackurls https://testphp.vulnweb.com | grep -a -i "=https" | qsreplace 'http://evil.com' | while read -r host; do curl -s -L -I "$host" | grep "evil.com" && echo -e "$host \033[0;31mVulnerable\033[0m"; done
Command explanation:
waybackurls = pulls every URL the Wayback Machine has archived for the domain (no live crawling), one per line
grep -a -i "=https" = keeps only URLs with a query parameter whose value starts with https, i.e. parameters that already carry a URL (use "=http" to also catch plain-http values)
qsreplace = rewrites the value of every query parameter to http://evil.com while keeping the parameter names
while read ... curl -s -L -I = requests each rewritten URL, headers only, following redirects; grep "evil.com" looks for that domain in the response headers and, if it appears, prints the URL in red as vulnerable
Two caveats: -L makes curl follow the redirect and actually contact the domain in the payload, so use a domain you control; and a match anywhere in the headers is only a hint. Confirm that the Location header of a 3xx response points at your domain, because a value merely reflected in another header (for example Set-Cookie) is not a redirect.
See the following YouTube PoC for a better understanding.
I hope this has helped you understand it.
Don't forget to like, share and subscribe to the YouTube channel.
Copyright DROP 2021, All Rights Reserved