Learn everything about open redirect vulnerabilities from scratch

INTRODUCTION

Did you know that you can earn up to $1000 by finding open redirect vulnerabilities? It turns out that most people underestimate open redirect vulnerabilities because of their nature. For those who don't know, an open redirect is a web application vulnerability that allows an attacker to redirect users from the original website to an attacker-controlled domain. The usual impact is that it can be used to perform phishing attacks, which can lead to more vulnerabilities. However, it can lead to complete account takeover if found in sensitive functionality such as OAuth.

For example, a hacker was able to perform an account takeover with the help of an open redirection vulnerability. You can read more about it here. This vulnerability can also be escalated to cross-site scripting.

In this article, we are going to learn how to find open redirect vulnerabilities on live websites. So, let's get started.


WHAT ARE OPEN REDIRECT VULNERABILITIES?


As the name suggests, it gives an attacker the power to redirect users from a legitimate domain to their malicious domain. To be more technical, open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way (Source: PortSwigger). Let's take an example:

Suppose you are visiting Amazon to buy books. You visit the login page and provide your credentials. In the normal case, you are supposed to be redirected to your dashboard. But here, you get redirected to the attacker's phishing website without any warning (if Amazon were vulnerable). Since you don't have any clue about this, you provide your credit card details for the purchase. Now the attacker owns your credit card information!

Now you must be thinking, "Well, I am well aware of phishing. I can easily distinguish the phishing page by validating the domain name." You are not wrong, but this is just the beginning of a storm. When exploited more maliciously, it could lead to account takeover without you even noticing, by stealing your cookies.

TECHNIQUES FOR HUNTING OPEN REDIRECT VULNERABILITIES


There are many ways to find open redirect vulnerabilities. One simple way to identify an open redirection vulnerability is:

  1. Find a parameter that redirects users. For example: ?returnURL=domain, ?dest=domain, ?return=domain, ?URL=domain, etc.
  2. Pass any random URL as the parameter's value (like bing.com).
  3. If you get redirected to bing.com, then voila! You found the vulnerability.
  4. If not, then don't lose hope. You will find it eventually.

Following the steps above does not necessarily mean that you will find the vulnerability. Sometimes there are various protections that we need to bypass in order to find an open redirect vulnerability. Some of the bypasses are:

  1. If bing.com is blocked then try domain.com.bing.com.
  2. If ?vulnerableParameter=/batman is blocked then try ?vulnerableParameter=.batman
  3. If attacker.com is blocked then try [email protected]

And so on.
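The bypasses above work because the protection matches on the string rather than on the parsed host. The following is an added example, not code from the original article, showing a weak prefix check beside a stricter validator that a developer can use to close these gaps. It assumes `domain.com` is the trusted site (as in the list above); `ALLOWED_HOSTS`, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of hosts the application may redirect to.
ALLOWED_HOSTS = {"domain.com", "www.domain.com"}

def naive_is_allowed(target):
    """Weak check: string prefix match, accepted by domain.com.bing.com."""
    return target.startswith("https://domain.com")

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only local paths or absolute URLs whose parsed host is allowlisted."""
    # Reject empty values, surrounding whitespace, backslashes and control chars.
    if not target or target != target.strip():
        return False
    if any(c in target for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed netloc
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: must be a single-slash local path.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # A userinfo part ("user@host") hides the real host from a casual reader.
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    return host is not None and host.lower() in allowed_hosts

# Constructed sample values for the redirect parameter.
SAMPLES = [
    "/account/orders",
    "https://domain.com/home",
    "https://domain.com.bing.com/",
    "https://domain.com@bing.com/",
    "//bing.com",
    ".batman",
]

def compare(samples=SAMPLES):
    """Return (target, naive_result, strict_result) for each sample."""
    return [(s, naive_is_allowed(s), is_safe_redirect(s)) for s in samples]

if __name__ == "__main__":
    for target, naive, strict in compare():
        print(f"{target:32} naive={naive!s:5} strict={strict}")
```

Exact comparison of the parsed hostname against an allowlist is what defeats the subdomain and userinfo tricks; any prefix, suffix or substring match on the raw string does not.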

DEMONSTRATION

Open Redirection On Live Website

CONCLUSION

I hope you all understood the basics of open redirect vulnerabilities and how we can find them on live websites. In the next article, we will learn some more ways to find open redirection on more secured web applications. If you have any doubts or issues, then let me know in the comment section.
