Open redirect vulnerability: this occurs when a parameter controls where the application redirects the user and accepts external websites or values not controlled by the developer. This lets an attacker inject any website they want into that parameter. It can be used for ad-hoc phishing campaigns in which a trusted site sends users to pages hosting malware, stealing credentials, or injecting malicious code into the browser. On its own the issue has low value and is usually reported as low severity, but it can easily lead to much larger and more damaging attacks like those mentioned above.
For all bug finders: whenever you review a website, always check whether it incorporates redirect parameters such as:
The parameter can have any name, but if you see something similar to this you need to check whether the URL also accepts an external URL or, if it is filtered, whether the blacklist can be bypassed with a URL redirect payload.
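The usual fix on the application side is to stop validating with a blacklist and instead only ever redirect to the application's own origin. The following Python function is an added example and not code from the original post; the hosts in `ALLOWED_HOSTS`, the `APP_ORIGIN` value and the function name `safe_redirect_target` are assumptions for the example. It resolves the redirect parameter against the application origin, rejects anything that lands on another host or a non-HTTP scheme, and returns only a same-origin relative path so the browser can never be sent elsewhere.

```python
from typing import Optional
from urllib.parse import urljoin, urlparse

# Hosts the application is allowed to redirect to (constructed for this example).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
APP_ORIGIN = "https://example.com"
FALLBACK = "/"


def safe_redirect_target(next_param: Optional[str]) -> str:
    """Return a redirect target that stays on the application's own host.

    Accepts relative paths such as '/account' and absolute http(s) URLs whose
    host is in ALLOWED_HOSTS. Everything else (protocol-relative '//host',
    backslash variants, 'javascript:' URLs, userinfo tricks) falls back to FALLBACK.
    """
    if not next_param:
        return FALLBACK
    candidate = next_param.strip()

    # Browsers treat '/\host' like '//host'; do not try to normalise it, just reject.
    if "\\" in candidate:
        return FALLBACK
    # Control characters and embedded whitespace can smuggle a second URL past naive checks.
    if any(ord(c) <= 0x20 for c in candidate):
        return FALLBACK

    # Resolve the value against our origin so relative and absolute inputs are
    # compared the same way, then inspect where the resolved URL actually points.
    parsed = urlparse(urljoin(APP_ORIGIN + "/", candidate))
    if parsed.scheme not in ("http", "https"):
        return FALLBACK
    # hostname ignores any 'user@' prefix, so 'https://example.com@evil/' is seen as 'evil'.
    if parsed.hostname not in ALLOWED_HOSTS:
        return FALLBACK

    # Emit only the path: a leading single '/' is always same-origin. Collapse any
    # run of leading slashes, since '//host' in a Location header is an absolute URL.
    path = "/" + parsed.path.lstrip("/")
    if parsed.query:
        path += "?" + parsed.query
    if parsed.fragment:
        path += "#" + parsed.fragment
    return path


if __name__ == "__main__":
    # Constructed sample values a redirect parameter might carry.
    for value in ["/account?tab=1", "https://www.example.com/settings",
                  "//evil.example/phish", "https://evil.example/",
                  "javascript:alert(1)", "/\\evil.example",
                  "https://example.com@evil.example/", "////evil.example"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Returning a relative path rather than the cleaned absolute URL is the key design choice: even if a parsing difference between `urllib` and the browser slips through (the `////host` case shows one), a target that begins with exactly one `/` cannot leave the origin.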