A STORY OF OPEN REDIRECTION THROUGH REFERER HEADER.
Hello Hackers!!!
Welcome back to another blog okay let’s move forward. Let’s call Target as Target.com
What is OPEN REDIRECTION?
An Open Redirect Vulnerability entails an attacker manipulating the user and redirecting them from one site to another site.
During testing I’m so curious about Open Redirection Bypassing methods and wanted to test IT on a live target when I’m going for login function I noticed there are two Oauth Functions FACEBOOK & GOOGLE.
What is Oauth Function?
OAuth 2.0 is an authorization framework for Web Applications. It validates the identity of a user to the website which requested it without disclosing passwords to the website. This might sound complicated at first but let’s take an example: A user wants to log in to a website. He heads to the signup page and finds three options to log in Via Facebook, Via Google, Via LinkedIn. When the user clicks one of them, he authenticates himself to the website. OAuth is done so as it saves time for entering details such as Name, Address, etc which are already available at some other websites such as Facebook. Also, it saves users time to manually fill the login form.
There are many ways to bypass the Open Redirection basically, I did it through Referer Header Based Open Redirection.
After clicking on Google Oauth Function Capture it there is no parameter for redirection.
MIND HITS💥 Let’s try another method Header based and Added some headers for bypassing X-Forwarded-Host:, X-Forwarded-For: But nothing is working after some time I tried Referer Header and Luckily it is working an Open Redirection through Referer Header.
It was not fixed so I didn't receive any HALL OF FAME. 😔
NOTE:
If you want to find Out Header Based Open Redirection in an easy way then I’ll highly recommend to you guys that install Handy Collaborator best tool for best findings.
Thank you Hackers for taking time to read my write-up.
Follow me:
