Vulnerability Description:
Open redirection is sometimes used as part of phishing attacks that confuse visitors about which web
site they are visiting.
Impact:
Whenever a user visits this URL, it will redirect them to site.com. This is used in phishing attacks.
Remediation:
If possible, the application should avoid incorporating user-controllable data into redirection targets. In many
cases, this behaviour can be avoided in two ways:
Remove the redirection function from the application, and replace links to it with direct links to the
relevant target URLs.
Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target
URL as a parameter to the redirector, pass an index into this list.
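The following is an added example, not code from the report or from the affected application, showing the second remediation option: the redirector resolves an index into a server-side allowlist instead of accepting a raw URL. The allowlist contents, the parameter name `next`, and the helper names are constructed for illustration; a fallback path check (`is_local_path`) is included for applications that still must accept a path-style parameter.

```python
from urllib.parse import urlparse

# Constructed server-side allowlist of permitted redirect targets (example data).
# Only the index travels in the request; the URL itself never comes from the user.
REDIRECT_TARGETS = {
    0: "/settings/account",
    1: "/dashboard",
    2: "https://docs.example.com/getting-started",
}


def vulnerable_redirect(params):
    """The 'before' pattern: the redirect target is taken straight from user input.

    Anything placed in the parameter, including an external site, becomes the Location.
    """
    return params.get("next")


def safe_redirect_by_index(params, default="/"):
    """Hardened redirector: the parameter is an index into REDIRECT_TARGETS.

    Non-numeric or unknown indexes fall back to a fixed, safe default.
    """
    raw = params.get("next", "")
    try:
        idx = int(raw)
    except (TypeError, ValueError):
        return default
    return REDIRECT_TARGETS.get(idx, default)


def is_local_path(target):
    """Secondary check for applications that keep a path parameter.

    Accepts only same-origin relative paths: must start with a single '/',
    must not be protocol-relative ('//host') or a backslash variant ('/\\host'),
    and must carry no scheme or network location once parsed.
    """
    if not target or not target.startswith("/"):
        return False
    if target.startswith("//") or target.startswith("/\\"):
        return False
    parsed = urlparse(target)
    return parsed.scheme == "" and parsed.netloc == ""


def safe_redirect_by_path(params, default="/"):
    """Hardened variant for path parameters: only local paths are honoured."""
    target = params.get("next", "")
    return target if is_local_path(target) else default


if __name__ == "__main__":
    # Constructed sample request parameters.
    attacker_style = {"next": "https://site.com"}
    print("vulnerable:", vulnerable_redirect(attacker_style))
    print("by index  :", safe_redirect_by_index({"next": "1"}))
    print("by index  :", safe_redirect_by_index(attacker_style))
    print("by path   :", safe_redirect_by_path({"next": "//site.com"}))
```

The index approach removes the class of bug entirely because no user-supplied string is ever interpreted as a URL; the path check is a weaker fallback and deliberately rejects protocol-relative and backslash forms that browsers treat as absolute URLs.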
Vulnerable URL:
https://wakatime.com/settings/account?apikeyrefresh=true
2. Add the payload to the request header and forward the request.