Client Side URL Redirection

Uploaded by

Sói Hoang

0% found this document useful (0 votes)

23 views8 pages

url

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

url

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

23 views8 pages

Client Side URL Redirection

Uploaded by

Sói Hoang

url

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 8

Search inside document

(Open Redirection)

sangbuicom@gmail.com

It is an input validation flaw.

An application accepts an user link input
Leads to an external URL

An open redirect is an application that takes a

parameter and redirects a user to the
parameter value without any validation
Open Redirect also known as Unvalidated
Redirects and Forwards.

Platform All web platforms affected

http://www.abc.com?redirect=http://www.attacker.com

The victim that visits abc.com will be

automatically redirected to
www.attacker.com

Could be used to:

Phishing attack
Redirect a victim to the malicious page .
Steal user credentials

aotrungnien.com/redirect?url=http://lury.vn
www.applesfera.com/redirect?url=https%3A%2F%2Fitunes.
http://www.thanhnamgroup.com.vn/vi/SpecialPage/Advertis
ing.Redirect.aspx?Id=91&url=http://www.hsbc.com.vn
http://baohatinh.vn/adclick/c38199e05709bdccd256a35b94a
8da79/469?b=331&r=798&url=http://agribank.com.vn
http://nghean.vnpt.vn/modules/banner/click.php?id=59&url=
http%3A%2F%2Fsangbui.com

Moreover open redirections could also be

used to maliciously craft an URL that would
bypass the applications access control checks
and then forward the attacker to privileged
functions that they would normally not be
able to access.

Black Box testing

Gray Box testing
Tools

https://www.google.com/url?sa=t&url=http://
sangbui.com&usg=AFQjCNE4X_XBJ3kgsR7LEceasJNWqRcYw

https://www.owasp.org/index.php/Open_redirect
https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
https://www.owasp.org/index.php/Testing_for_Client_Side_URL_Redirect_(OTG-CLIENT-004)
https://webmasters.googleblog.com/2009/01/open-redirect-urls-is-your-site-being.html

Auditing and Securing Web Enabled Applications
Document5 pages
Auditing and Securing Web Enabled Applications
dhinesh89
No ratings yet
Api Example 1: Vulnerability Type: Api Request's Response Leakage. Screenshot of Component
Document49 pages
Api Example 1: Vulnerability Type: Api Request's Response Leakage. Screenshot of Component
Ashlee Gregory
No ratings yet
Api Example 1: Vulnerability Type: Api Request's Response Leakage. Screenshot of Component
Document49 pages
Api Example 1: Vulnerability Type: Api Request's Response Leakage. Screenshot of Component
Naren Reddy
No ratings yet
Open Redirect Bounties
Document5 pages
Open Redirect Bounties
̇
No ratings yet
Sample Threat Modeling Report
Document11 pages
Sample Threat Modeling Report
harshil mehta
No ratings yet
Unvalidated Redirects and Forwards:: Safe URL Redirect
Document5 pages
Unvalidated Redirects and Forwards:: Safe URL Redirect
Husain Ali Arif
No ratings yet
OAuth 2 Simplified
Document12 pages
OAuth 2 Simplified
Jasmina Mitrovic
No ratings yet
KTBMW
Document21 pages
KTBMW
nguyenhoangphihung633
No ratings yet
WEB SPOOFING EXPLAINED
Document16 pages
WEB SPOOFING EXPLAINED
Yukti Chuttani
No ratings yet
Group No 13 Conferance Paper
Document3 pages
Group No 13 Conferance Paper
Tejaswini Upadhye
No ratings yet
Mad Module 5
Document27 pages
Mad Module 5
disij75096
No ratings yet
Trend Report
Document21 pages
Trend Report
Rajasekhjar Matam
No ratings yet
XSS in Joomla Acajoom Component
Document13 pages
XSS in Joomla Acajoom Component
Alexandros Sakellariou
No ratings yet
Broken Link Checker
Document2 pages
Broken Link Checker
Edwin Yesa
No ratings yet
Web Security: Different Web Application Attacks Client Side Attack
Document9 pages
Web Security: Different Web Application Attacks Client Side Attack
Zain Alabeeden Alareji
No ratings yet
GPM 65
Document1 page
GPM 65
Pop
No ratings yet
Bypassing Client-Side Controls Through Decompilation and Input Manipulation
Document28 pages
Bypassing Client-Side Controls Through Decompilation and Input Manipulation
Joona John
No ratings yet
Advanced XSS
Document8 pages
Advanced XSS
William Caceres
No ratings yet
Documentation (Us)
Document61 pages
Documentation (Us)
Highlights Mania
No ratings yet
Google Analytics Exam Questions Sample
Document17 pages
Google Analytics Exam Questions Sample
acb510
No ratings yet
CSRF Presentation
Document10 pages
CSRF Presentation
Mansoor Shar
No ratings yet
Brute Force Attack: Barracuda Web Application Firewall
Document5 pages
Brute Force Attack: Barracuda Web Application Firewall
Abdinah Gonfa
No ratings yet
Net Documents
Document1 page
Net Documents
Santhiya M
No ratings yet
WEB Application Security: Cse-A
Document12 pages
WEB Application Security: Cse-A
Santoshi Alekhya
No ratings yet
Sessionals 1 - Vapt Pratical Lab Assignment
Document12 pages
Sessionals 1 - Vapt Pratical Lab Assignment
CFIS 2k19
No ratings yet
Oauth
Document2 pages
Oauth
Nourhane Ibrahim
No ratings yet
Boost Mobile Landing Page CTR 10-20
Document19 pages
Boost Mobile Landing Page CTR 10-20
Jony King
No ratings yet
Cross Site Scripting (XSS) Attack Techniques and Defenses
Document30 pages
Cross Site Scripting (XSS) Attack Techniques and Defenses
Thương Trần
No ratings yet
09 Web Site Sec
Document17 pages
09 Web Site Sec
Thanh Hương
No ratings yet
Security Testing For Unvalidated Redirects and Forwards
Document3 pages
Security Testing For Unvalidated Redirects and Forwards
coolkhu
No ratings yet
Track Down App Security Vulnerabilities
Document69 pages
Track Down App Security Vulnerabilities
georgesharmokh
No ratings yet
CORS - Projectbaseline
Document3 pages
CORS - Projectbaseline
Ritu Mane
No ratings yet
Mobile Deep Linking: Ramukc Mobility Architect at Imaginea Ecard: Http://Linqs - In/Uruh
Document37 pages
Mobile Deep Linking: Ramukc Mobility Architect at Imaginea Ecard: Http://Linqs - In/Uruh
Pranav Chandran
No ratings yet
Cross Site Requst Frogery
Document8 pages
Cross Site Requst Frogery
ekrma d
No ratings yet
Online Car Rental Management Presentation
Document41 pages
Online Car Rental Management Presentation
Nikhilesh K
100% (2)
Untitled
Document3 pages
Untitled
api-138687322
No ratings yet
CSS (Cross Sitescripting)
Document29 pages
CSS (Cross Sitescripting)
Nosheen Manzoor
No ratings yet
Must Know Hacking!3
Document60 pages
Must Know Hacking!3
Sinh Viên IT
No ratings yet
Form Validation: Developmentor
Document28 pages
Form Validation: Developmentor
lycaphe8x
No ratings yet
All in One
Document28 pages
All in One
Solomon
No ratings yet
ASP.NET Page Lifecycle Flowchart
Document12 pages
ASP.NET Page Lifecycle Flowchart
Anivesh Jaiswal
No ratings yet
Assignment No 4
Document18 pages
Assignment No 4
Jusil T. Gaite
No ratings yet
CC15 Case Analysis 2 Group Task 4
Document6 pages
CC15 Case Analysis 2 Group Task 4
Adam Blanza
No ratings yet
Mastering OAuth 2.0
From Everand
Mastering OAuth 2.0
Bihis Charles
Rating: 5 out of 5 stars
5/5 (1)
Web Application Report Avaintcon Ex
Document5 pages
Web Application Report Avaintcon Ex
api-55206651
No ratings yet
Lab 10
Document25 pages
Lab 10
nazia khan
No ratings yet
Magic Url
Document15 pages
Magic Url
aurox3d
No ratings yet
web-app
Document30 pages
web-app
dhananjayb618
No ratings yet
CSRF 1704535172
Document6 pages
CSRF 1704535172
setyahangga3
No ratings yet
Revisions 112422
Document13 pages
Revisions 112422
Paul Patagan
No ratings yet
Business Requirements Document (BRD) Project Name:-Easy Car Rental (ECR)
Document12 pages
Business Requirements Document (BRD) Project Name:-Easy Car Rental (ECR)
Aayush Pathak
50% (2)
50 ASP - Net Interview Questions & Answers
Document18 pages
50 ASP - Net Interview Questions & Answers
Nayan Kharche
No ratings yet
Web Application Hacking
Document9 pages
Web Application Hacking
Abraham Zeleke
No ratings yet
Backlink Generators
Document2 pages
Backlink Generators
NARAYANAN PACKIAM
No ratings yet
Microsoft Test Inside 70 488 v2013 12 13 by SGT Pepper 68q
Document92 pages
Microsoft Test Inside 70 488 v2013 12 13 by SGT Pepper 68q
arhuaco7670
No ratings yet
NCHL Patched
Document28 pages
NCHL Patched
Nirdesh Raya
No ratings yet
Weekly Intelligence Summary: 'Tis The Season For SEO Hijacking: Online Stores Face Lost Traffic, Revenue
Document6 pages
Weekly Intelligence Summary: 'Tis The Season For SEO Hijacking: Online Stores Face Lost Traffic, Revenue
vha Ky
No ratings yet
Cross Site Scripting
Document12 pages
Cross Site Scripting
sanik
100% (1)
Earning Money through Online Advertising
From Everand
Earning Money through Online Advertising
Dr. Hidaia Mahmood Alassouli
No ratings yet
Lab 3.1
Document4 pages
Lab 3.1
phatjnvaa
No ratings yet
Math 125 Section 4.1 Max and Min Values and 4.2 Applications of Derivatives
Document9 pages
Math 125 Section 4.1 Max and Min Values and 4.2 Applications of Derivatives
Sói Hoang
No ratings yet
Business Vocabulary
Document99 pages
Business Vocabulary
sunnysinha_sunny
No ratings yet
Prevent CSRF Attacks PDF
Document10 pages
Prevent CSRF Attacks PDF
Sói Hoang
No ratings yet
CSRF
Document13 pages
CSRF
tjrothwell
No ratings yet