vos9/Web_Hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Open Redirect.md

Browse Source
This commit is contained in:
Mehdi 2024-10-10 09:50:39 +03:30 committed by GitHub
parent d1388b1f18
commit 5149465bba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Open Redirect.md
View File

@ -1,6 +1,14 @@
# Open Redirect # Open Redirect
Un-validated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Un-validated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
## Using the open url redirect
Below are the most common things I will try with an open url redirect:
* Leak tokens via mis-configured apps/login flows
* Bypassing blacklists for SSRF/RCE
* XSS via javascript:alert(0)
## HTTP Redirection Status Code ## HTTP Redirection Status Code
HTTP Redirection status codes, those starting with 3, indicate that the client must take additional action to complete the request. Here are some of the most common ones: HTTP Redirection status codes, those starting with 3, indicate that the client must take additional action to complete the request. Here are some of the most common ones: