URL Redirection / Unvalidated Open Redirect

This topic has 3 replies, 2 voices, and was last updated 3 years, 3 months ago by Hasnain Abbasi.

Viewing 3 reply threads

Author

Posts
- Participant
 
 #1 Hasnain Abbasi 05/23/2021 at pm4:21 #605773
 
 I am an Independent Security Researcher running a vulnerability identification service , and I accidentally found some vulnerabilities in your infrastructure.
 
 And it can cause damage to your website. I am sharing the vulnerability details with you including suggested solution.
 
 Kindly respond as soon as possible 🙂
 
 regards.
 ======================
 Vulnerability Name: URL Redirection / Unvalidated Open Redirect
 
 =============
 Vulnerable parameter: URL
 
 ============
 Vulnerable Domain: https://www.sockscap64.com/
 
 How to Reproduce this Issue:
 =========================
 1.visit this URL it will redirect you to http://bing.com
 https://www.sockscap64.com/redirect.php?url=http://bing.com
 Note: Attacker could change http://bing.com to http://evilsite-of-attacker.com and hence can steal user credentials.
 
 Impact:
 ==================
 
 URL Redirection or Unvalidated Open Redirect are usually used with phishing attack or in malware delivery, it may confuse the end user on which site they are visiting.
 The attacker can force the user to install trojans, malwares, etc. into his system.
 And can conduct phishing attacks.
 
 1. Attacker could redirect victim to vulgar site such as any porn site which can degrade the reputation of your site as the redirection happen from your domain.
 2. Attacker could deliver malware or phishing pages in the name of your website and hence can steal user credentials.
 
 
 As the front part of URL is legitimate, attacker can easily convince users to click on malicious crafted link,
 and hence can easily target user of https://www.sockscap64.com/
 
 
 Mitigation: 
 ================
 If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
 
 -Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
 -Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
 
 If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:
 
 -The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
 -The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
 
 -The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.
 
 Attachments:
 You must be logged in to view attached files.
- Keymaster
 
 #2 Super admin 10/13/2021 at am10:55 #620761
 
 thank you for your feedback.
- Keymaster
 
 #3 Super admin 10/13/2021 at am10:56 #620766
 
 fixed.
- Participant
 
 #4 Hasnain Abbasi 01/23/2022 at pm6:42 #623529
 
 Hi admin ,
 is there any appreciation reward ? for my report ?
 yes the vulnerability is fixed now .
 
 regards
Author

Posts

Viewing 3 reply threads

You must be logged in to reply to this topic.

URL Redirection / Unvalidated Open Redirect

Attachments: