Open/ Unvalidate Redirect Vulnerability

Open/ Unvalidate Redirect Vulnerability : September 26, 2018


Open Redirect (also called Unvalidated Redirect) is a vulnerability in web applications or web pages. By exploiting it, an attacker can redirect users of the page to any external link or website, and that website may be malicious or a phishing page.
Developers often pay little attention to this vulnerability because it has no direct impact on the web application or web page itself, but it is a matter of website reputation: the domain name in the URL is the only thing users have to decide whether a website is legitimate or malicious, and an attacker exploits that trust to make ordinary users their victims. That is enough introduction; now I'm going to show you how to test for and exploit an open redirect vulnerability.
For the demonstration I use Mutillidae from Metasploitable 2 (a vulnerable web application) and Burp Suite for penetration testing.

How To Test & Exploit Open/Unvalidated Redirect Vulnerability

First, open your browser and point it at Burp Suite as its proxy.

Now I'm going to open the vulnerable web application.

Note: in my example it is http://192.168.1.28/mutillidae/index.php

Now I visit this link: http://192.168.1.28/mutillidae/index.php?page=credits.php

On this page I see many external links which use the GET method and pass the destination in the forwardurl parameter.

I click on the Adrian Crenshaw link and intercept the request in Burp.

Look at this request: GET /mutillidae/index.php?page=redirectandlog.php&forwardurl=http://www.irongeek.com/ HTTP/1.1

Change it to GET /mutillidae/index.php?page=redirectandlog.php&forwardurl=http://www.appinindore.com/ HTTP/1.1 and click Forward.
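The fix for the walkthrough above is that the server must never trust the forwardurl value as given. The Python below is an added example written for this post, not Mutillidae's own redirectandlog.php code (which the post does not show): it validates a forwardurl value against an allow-list of hosts, rejecting external hosts, protocol-relative URLs, backslash variants, userinfo tricks and non-http(s) schemes, and it scans access-log lines for redirect requests whose forwardurl would have failed that check. The allow-list, the app origin and the log lines are constructed for the example; the hosts in them are the ones that appear in the walkthrough.

```python
import re
from urllib.parse import urlparse, urljoin, parse_qs

# Constructed allow-list: the application's own host from the walkthrough plus
# the one external destination the credits page legitimately links to.
ALLOWED_HOSTS = {"192.168.1.28", "www.irongeek.com"}
# Constructed origin used to resolve relative forwardurl values.
APP_ORIGIN = "http://192.168.1.28/mutillidae/"
# Where to send the user when the requested destination is not allowed.
SAFE_DEFAULT = "/mutillidae/index.php"


def is_safe_redirect(forwardurl, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if forwardurl resolves to a host on the allow-list.

    Relative paths are resolved against APP_ORIGIN, so an in-app path passes
    while "//evil", "\\evil", "http://allowed@evil" and "javascript:" fail.
    """
    if not forwardurl or "\r" in forwardurl or "\n" in forwardurl:
        return False  # empty value or header-injection attempt
    # Browsers treat backslashes like slashes in URLs; normalise before parsing.
    candidate = forwardurl.replace("\\", "/")
    resolved = urljoin(APP_ORIGIN, candidate)
    parsed = urlparse(resolved)
    if parsed.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc.
    if parsed.username or parsed.password:
        return False  # http://www.irongeek.com@evil.example/ style trick
    host = (parsed.hostname or "").lower()
    return host in allowed_hosts


def choose_redirect(forwardurl, allowed_hosts=ALLOWED_HOSTS):
    """Hardened replacement for blindly redirecting to forwardurl:
    return the requested destination if it is allowed, else SAFE_DEFAULT."""
    if is_safe_redirect(forwardurl, allowed_hosts):
        return forwardurl
    return SAFE_DEFAULT


# Constructed access-log lines in common log format, modelled on the two
# requests shown in the walkthrough (the original and the modified one).
SAMPLE_LOG = [
    '192.168.1.50 - - [26/Sep/2018:10:00:00 +0000] "GET /mutillidae/index.php'
    '?page=redirectandlog.php&forwardurl=http://www.irongeek.com/ HTTP/1.1" 302 -',
    '192.168.1.50 - - [26/Sep/2018:10:00:05 +0000] "GET /mutillidae/index.php'
    '?page=redirectandlog.php&forwardurl=http://www.appinindore.com/ HTTP/1.1" 302 -',
    '192.168.1.50 - - [26/Sep/2018:10:00:09 +0000] "GET /mutillidae/index.php'
    '?page=credits.php HTTP/1.1" 200 -',
]

# Pulls method and request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_unvalidated_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return the forwardurl values of redirect requests that point outside
    the allow-list; useful for spotting abuse of the redirect page after the
    fact, or for confirming the fix is in place."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlparse(match.group("target"))
        query = parse_qs(target.query)
        if query.get("page", [""])[0] != "redirectandlog.php":
            continue
        for destination in query.get("forwardurl", []):
            if not is_safe_redirect(destination, allowed_hosts):
                findings.append(destination)
    return findings


if __name__ == "__main__":
    for flagged in find_unvalidated_redirects(SAMPLE_LOG):
        print("unvalidated redirect target:", flagged)
```

Running the script flags only the modified request (the one pointing at www.appinindore.com); the original irongeek.com link and the credits page request are left alone. The same `is_safe_redirect` check, applied before issuing the 302 in the redirect page, is what turns the page from an open redirect into a controlled one.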