{"id":10006,"date":"2021-03-18T12:42:10","date_gmt":"2021-03-18T07:12:10","guid":{"rendered":"https:\/\/www.varutra.com\/?p=10006"},"modified":"2022-12-02T13:07:25","modified_gmt":"2022-12-02T07:37:25","slug":"open-redirect","status":"publish","type":"post","link":"https:\/\/www.varutra.com\/varutravrt3\/open-redirect\/","title":{"rendered":"Open Redirect"},"content":{"rendered":"

What is Open Redirect?<\/strong><\/h3>\n

An open redirect is a security flaw in an application or a web page that causes URLs to fail to authenticate properly. The open redirect is a failure in this phase that allows attackers to direct users to malicious websites of third parties.<\/p>\n

 <\/p>\n

When and Where Happens?<\/strong><\/h3>\n

Open redirection happens when, via a user-controlled input, a web page is redirected to another URL in another domain. This happens when the program takes user-controlled data to the target of redirection in an unsafe way.<\/p>\n

 <\/p>\n

Common dorks for open redirect<\/strong><\/h3>\n

Some dorks<\/p>\n

\/{payload}<\/p>\n

?next=<\/p>\n

?url=<\/p>\n

?target=<\/p>\n

?rurl=<\/p>\n

?dest=<\/p>\n

?destination=<\/p>\n

?redir=<\/p>\n

redirect_uri=<\/p>\n

?redirect_url=<\/p>\n

?redirect=<\/p>\n

\/redirect\/<\/p>\n

 <\/p>\n

Finding possible parameters using web archive for open redirection.<\/strong><\/h3>\n

Using the below link user can identify maximum parameters that could be tested for open redirection.<\/p>\n

https:\/\/web.archive.org\/cdx\/search\/cdx?url=*.testphp.vulnweb.com\/*&output=text&fl=original&collapse=urlkey<\/a><\/p>\n

 <\/p>\n

Automation is possible for checking for open redirect.<\/strong><\/h3>\n

Use the following one Liner to test for open redirect.<\/p>\n

 <\/p>\n

gau testphp.vulnweb.com | tee -a archive 1>\/dev\/null && gf redirect archive | cut -f 3- -d ‘:’ | qsreplace “https:\/\/evil.com” | httpx -silent -status-code -location<\/strong><\/p>\n

\u00a0<\/strong><\/p>\n

Below are the GitHub links to the tools.<\/strong><\/h3>\n