
Open redirect vulnerability | Information security | DROP.ORG.IN

Hi
I am Ashfaq Pinjari. I am a cyber security analyst, penetration test expert, information security analyst, cyber security engineer, and bug bounty hunter.
Today I am going to share my experience with the open redirect vulnerability and how you can find this vulnerability in less than 1 minute.

What is an open redirect vulnerability?
One of the most common and largely overlooked vulnerabilities by web developers is Open Redirect (also known as “Unvalidated Redirects and Forwards”). … When an Open Redirect is used in a phishing attack, the victim receives an email that looks legitimate with a link that points to a correct and expected domain.

How can you find this vulnerability?

Use the following command:

waybackurls https://testphp.vulnweb.com | grep -a -i '=https' | qsreplace 'http://evil.com' | while read -r host; do curl -s -L -I "$host" | grep "evil.com" && printf '%s \033[0;31mVulnerable\033[0m\n' "$host"; done

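Command explanation:

waybackurls = fetches the URLs that the Wayback Machine has archived for the website
grep = pattern matching; here it keeps only the URLs that contain "=https", i.e. a parameter whose value is a URL
qsreplace = replaces the query string values in each URL with http://evil.com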
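
The grep "evil.com" step in the command above matches the canary anywhere in the response headers, so a same-site redirect that merely carries the parameter along is flagged too. The following is an added example, not part of the original post: it parses the Location headers and compares only the host. The function names are hypothetical and the sample responses are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): report a redirect only when a
# Location header's *host* is the canary, not when the canary string merely
# appears somewhere in the headers.

CR=$(printf '\r')

# location_host URL: print the lowercased host of an absolute or
# scheme-relative URL; print nothing for a relative path.
location_host() {
  lh_url=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/^[[:space:]]*//')
  case $lh_url in
    http://*|https://*) lh_rest=${lh_url#*://} ;;
    //*)                lh_rest=${lh_url#//} ;;
    *)                  return 0 ;;
  esac
  lh_rest=${lh_rest%%[/?#]*}       # cut path, query and fragment
  lh_rest=${lh_rest##*@}           # drop userinfo ("user@host")
  printf '%s\n' "${lh_rest%%:*}"   # drop port
}

# redirects_to_canary CANARY: read `curl -s -I -L` output on stdin and return
# 0 only if some Location header points at CANARY or one of its subdomains.
redirects_to_canary() {
  rc_canary=$1
  while IFS= read -r rc_line || [ -n "$rc_line" ]; do
    rc_line=${rc_line%"$CR"}       # header lines end in CRLF
    rc_name=$(printf '%s' "${rc_line%%:*}" | tr 'A-Z' 'a-z')
    [ "$rc_name" = "location" ] || continue
    rc_host=$(location_host "${rc_line#*:}")
    case $rc_host in
      "$rc_canary"|*."$rc_canary") return 0 ;;
    esac
  done
  return 1
}

# Constructed sample responses, not captured from any real site.
sample_open_redirect() {
  printf 'HTTP/1.1 302 Found\r\nLocation: http://evil.com\r\n\r\nHTTP/1.1 200 OK\r\n'
}
sample_reflected_only() {
  printf 'HTTP/1.1 302 Found\r\nLocation: /login?next=http://evil.com\r\n'
  printf 'Set-Cookie: back=http://evil.com\r\n\r\n'
}
```

In the loop above, `curl -s -L -I "$host" | redirects_to_canary evil.com` can take the place of the `grep "evil.com"` step.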

See the following YouTube POC for a better understanding.

I hope you understood.

Don’t forget to like, share and subscribe to the YouTube channel.
