URL Redirection / Unvalidated Open Redirect

    • Participant
      #1 Hasnain Abbasi #605773

      I am an Independent Security Researcher running a vulnerability identification service, and I accidentally found some vulnerabilities in your infrastructure.

      And it can cause damage to your website. I am sharing the vulnerability details with you, including a suggested solution.

      Kindly respond as soon as possible 🙂

       

      regards.
      ======================
      Vulnerability Name: URL Redirection / Unvalidated Open Redirect

      =============
      Vulnerable parameter: URL

      ============
      Vulnerable Domain: https://www.sockscap64.com/

      How to Reproduce this Issue:
      =========================
      1. Visit this URL; it will redirect you to http://bing.com
      https://www.sockscap64.com/redirect.php?url=http://bing.com
      Note: Attacker could change http://bing.com to http://evilsite-of-attacker.com and hence can steal user credentials.

      Impact:
      ==================

      URL Redirection or Unvalidated Open Redirect is usually used with phishing attacks or in malware delivery; it may confuse the end user about which site they are visiting.
      The attacker can force the user to install trojans, malware, etc. onto their system.
      And can conduct phishing attacks.

      1. Attacker could redirect the victim to a vulgar site such as any porn site, which can degrade the reputation of your site as the redirection happens from your domain.
      2. Attacker could deliver malware or phishing pages in the name of your website and hence can steal user credentials.

      As the front part of the URL is legitimate, the attacker can easily convince users to click on a maliciously crafted link,
      and hence can easily target users of https://www.sockscap64.com/

      Mitigation:
      ================
      If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:

      - Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
      - Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

      If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

      - The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
      - The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
      - The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.

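
The server-side list and the web-root-relative check from the Mitigation section of post #1, sketched in PHP as an added example; it is not part of the original post and is not the site's redirect.php. The `to` and `path` parameter names, the list keys and paths, and the `https://yourdomainname.com` origin are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the site's redirect.php. All names and values below
// are assumptions/placeholders constructed for illustration.
const SITE_ORIGIN = 'https://yourdomainname.com';
const ALLOWED_TARGETS = [          // server-side list of permitted targets
    'home' => SITE_ORIGIN . '/',
    'docs' => SITE_ORIGIN . '/docs/',
];

// Option A: the request carries a key into the list, never a URL.
function targetFromKey(string $key): ?string
{
    return ALLOWED_TARGETS[$key] ?? null;
}

// Option B: the request carries a path relative to the web root.
function targetFromPath(string $path): ?string
{
    // Must begin with a single "/"; "//host" is a scheme-relative URL
    // that points at another origin.
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//') {
        return null;
    }
    // Browsers read backslashes as "/", and control characters (tab, CR,
    // LF) are stripped by browsers or can split the Location header.
    if (preg_match('/[\\\\\x00-\x1f\x7f]/', $path) === 1) {
        return null;
    }
    return SITE_ORIGIN . $path;
}

// Resolve a request to a safe target, falling back to the home page.
function resolveRedirect(array $query): string
{
    $target = null;
    if (isset($query['to']) && is_string($query['to'])) {
        $target = targetFromKey($query['to']);
    } elseif (isset($query['path']) && is_string($query['path'])) {
        $target = targetFromPath($query['path']);
    }
    return $target ?? ALLOWED_TARGETS['home'];
}

// Constructed sample requests. In a web context the call would be:
// header('Location: ' . resolveRedirect($_GET), true, 302);
foreach ([['to' => 'docs'], ['path' => '/download'], ['path' => '//bing.com'],
          ['path' => '/\\bing.com'], ['url' => 'http://bing.com']] as $q) {
    echo json_encode($q), ' => ', resolveRedirect($q), PHP_EOL;
}
```

A check that only tests for a leading slash would accept `//bing.com`, which is why the validator rejects a second slash and any backslash before prepending the origin.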
    • Keymaster
      #2 Super admin #620761

      thank you for your feedback.

    • Keymaster
      #3 Super admin #620766

      fixed.

    • Participant
      #4 Hasnain Abbasi #623529

      Hi admin,
      Is there any appreciation reward for my report?
      Yes, the vulnerability is fixed now.

      regards
