Saturday, 19 March 2016

OWASP: Unvalidated Redirect and Forward

  •  Please note: This is only for educational purposes.
What is OWASP?
Open Web Application Security Program is an online community in which security professionals publish free online articles on vulnerabilities, security risks and flaws in web applications.
  •  Unvalidated Redirect and Forward:
  1. Here the attacker changes the value of the URL attribute that controls which webpage the link redirects to.
  2. E.g. the value of the redirect attribute, where redirect is the name of the attribute used in the URL.
  3. This happens because the attributes in the URL are not properly validated, for example with domain validation.
  4. The aim of the attacker is to force the user to visit the attacker's website, which is already malicious.
  5. When the attacker notices this type of vulnerability in a web application, the attacker puts his malicious website link inside the redirect attribute and can send it to the victim.
  6. When the victim clicks on such a link he is redirected to the attacker's malicious website. Such a website can be made to look similar to the original website and, without the victim knowing it, can get the victim to visit it and download malicious code.
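
One way to do the domain validation mentioned in point 3, as an added example in Python that is not code from the original post: the url attribute is accepted only when it is a local path or an http(s) URL whose host is in an allowlist. The allowlist values, the fallback path, the function name and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for the page's placeholder site (hypothetical values).
ALLOWED_HOSTS = {"www.xyz.com", "xyz.com"}
FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return raw if it is a safe redirect target, otherwise fallback."""
    if not raw:
        return fallback
    # Browsers read "\" as "/" and drop tabs/newlines, so values such as
    # "/\evil.example" can leave the site. Reject them instead of normalising.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a local path with a single leading
        # slash. "///host" parses with an empty netloc but browsers still
        # treat it as a host, so any "//" prefix is refused.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else fallback
    if parts.scheme not in ("http", "https"):
        return fallback  # "//host", javascript:, data:, ...
    # hostname drops userinfo and port, so "www.xyz.com@evil.example"
    # is judged by its real host, evil.example.
    host = (parts.hostname or "").lower().rstrip(".")
    return raw if host in allowed_hosts else fallback


# Constructed sample values for the url attribute (evil.example is a placeholder).
SAMPLES = [
    "/account/home",
    "https://www.xyz.com/profile?id=1",
    "https://evil.example/login",
    "//evil.example/login",
    "https://www.xyz.com@evil.example/",
    "https://www.xyz.com.evil.example/",
    "javascript:alert(1)",
    "www.xyz.com",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

A scheme-less value such as www.xyz.com is rejected here because a browser would treat it as a relative path, not as a host; the application should emit either a local path or a full https URL.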
How to find such a website:
  1. Find websites which have this issue using a Google dork, e.g. inurl:redirect_2.php. This Google dork will give you website links where the word redirect is present in the URL.
  2. e.g. xyz/redirect_2.php?url=www.xyz.com
  3. e.g. xyz/redirect2.php?url=www.xyz.com
  4. Here url is the name of the redirect attribute. If you change the attribute value and the redirect still works, then this website is prone to the unvalidated redirect and forward vulnerability.
  5. That means this website does not properly validate the URL.
  6. When such a changed URL is visited by a user, the attacker can take advantage of this, i.e. the user can be redirected to the attacker's malicious website.
  7. For example, the attacker can create a page similar to the original page, and things entered there, such as input boxes and passwords, can be saved in the background.

GET and POST methods in HTML URL:
  1. GET method:
  • Using this method the values are clearly visible in the URL.
  • So this method should not be used for sensitive use.
  • The GET method is not secure.

  • In the above example I entered a password in both text fields and clicked on the Change button.
  • You can observe my password in clear text inside the URL:
  • http://192.168.0.7/vulnerabilities/csrf/?password_new=abcd&password_conf=abcd&Change=Change#
  • This is possible because I have used the GET method in the form tag.

  2. POST method:
  • Using this method the values are not visible in the URL.
  • So this method should be used in HTML.

