Open Redirection

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

Exploitation

When reporting an open redirection vulnerability, it's important to demonstrate the maximum impact. Redirecting to an arbitrary site is a great proof of concept; however, we can often trigger a cross-site scripting vulnerability as well. Rather than configuring a site with a payload, we can redirect directly to a data URI, namely one with base64-encoded input containing malicious HTML/JavaScript:

data:text/html;base64,PHNjcmlwdD5hbGVydCgnRXhhbXBsZScpPC9zY3JpcHQ+
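On the defending side, the redirect target has to be parsed the way a browser parses it and then checked against an allow-list of scheme and host, which rejects both the external-domain case and the data: URI above. The following is an added example, not code from the original page; APP_ORIGIN, ALLOWED_HOSTS and safeRedirectTarget are hypothetical names and the hosts are constructed.

```javascript
// Added example: allow-list validation of a user-supplied redirect target.
// APP_ORIGIN and ALLOWED_HOSTS are assumed values for a hypothetical app.
const APP_ORIGIN = "https://app.example";
const ALLOWED_HOSTS = new Set(["app.example", "login.app.example"]);
const FALLBACK = APP_ORIGIN + "/";

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Browsers strip tabs/newlines and treat "\" like "/" in http(s) URLs,
  // so "/\host" or "/<TAB>/host" can become "//host". Refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve against our own origin using the WHATWG parser, the same
    // algorithm the browser applies to the Location header value.
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Scheme allow-list: rejects data:, javascript:, http: and anything else.
  if (url.protocol !== "https:") return FALLBACK;
  // Userinfo is only useful for confusing readers of the URL:
  // https://app.example@other.example/ points at other.example.
  if (url.username !== "" || url.password !== "") return FALLBACK;
  // Exact host match; suffix or substring checks would accept
  // app.example.other.example.
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;
  // Only the default HTTPS port.
  if (url.port !== "") return FALLBACK;

  // Return the normalised absolute URL. Returning only the path would be
  // unsafe: "/.//other.example" normalises to the path "//other.example".
  return url.href;
}
```

Emit the returned value in the Location header rather than the raw parameter, so that what was validated is exactly what the browser receives.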
