Professional Documents
Culture Documents
Shopify
url: app.shopify.com/services/google/themes/preview/supply–
blue?domain_name=XX
SHOPIFY 2
url: http://mystore.myshopify.com/account/login
al hacer login shopify hacia redirect con el parámetro checkout_url
y este se podía modificar como vemos abajo
http://mystore.myshopify.com/account/login?
checkout_url=.attacker.com
este nuevo url llevaría a el dominio:
http://mystore.myshopify.com.attacker.com
dominio que no es administrado por Shopify, es decir no es suyo asi
que alguien podría comprar un dominio parecido y ponerlo en el
parameto para después hacer phishing u otro tipo de ataque
malicioso
Summary
Open redirects allow a malicious attacker to redirect people unknowingly to a malicious
website. Finding them, as these examples show, often requires keen observation.
Redirect parameters are sometimes easy to spot with names like redirect_to=, domain_-
name=, checkout_url=, and so on. Whereas other times they may have less obvious
names like r=, u=, and so on.
This type of vulnerability relies on an abuse of trust, where victims are tricked into visiting
an attacker’s site thinking they will be visiting a site they recognize. When you spot likely
vulnerable parameters, be sure to test them out thoroughly and add special characters,
like a period, if some part of the URL is hard-coded.
Additionally, the HackerOne interstitial redirect shows the importance of recognizing the
tools and services websites use while you hunt for vulnerabilities and how sometimes
you have to be persistent and clearly demonstrate a vulnerability before it’s recognized
and accepted for a bounty