I'll start with: what is an open redirect, and why should you even care?
Open redirects can cause harm, damage your system, or even expose your private information. So what is it exactly? An open redirect is a way of redirecting a user from one site to another, where the destination is taken from the request itself.
Have you ever seen something like this:
http://example.com/example.php?url=http://malicious.example.com
That's an example of a URL that can redirect a user to another website.
It can be good, meaning the destination is another website the owners of the initial site want you to go to in order to complete an operation/process, or a new version of the initial website. Or it can be bad, redirecting you to a harmful site. The good thing is that you can see this coming if you're careful.
Okay, so open redirects can be exploited in the following ways:
- Phishing (no, not fishing)
- Sending malware
- Or even XSS
Let's talk about these for a minute.
I must let you know that this is not a comprehensive guide to open redirects. This article will show you how open redirects are exploited and, hopefully, how to prevent them.
Phishing
Phishing is a general term for deceptive attempts to trick users into handing over private information, which is then used for identity theft.
A link that abuses this vulnerability, often delivered by email, can lead you to a page that tricks you into giving up personal information like credit card details, passwords, etc. The message will often have a sense of urgency to it, too.
Sending malware
The URL can also redirect you to downloading malware. Here's an example.
This link clearly states that it is malware, but that won't always be the case. We'll get to preventive measures in a bit. By the way, be careful not to click links like that if you're not sure what they are. Besides, some browsers show you the address/URL of the link you're about to click.
XSS
Well, I'll leave this to the backend engineers here to do more research.
So how do we prevent this in the first place?
One way is for backend developers to avoid using open redirects at all.
Backend developers should also verify any address obtained from the URL path or the URL query parameters before redirecting to it (by checking it against a list of allowed redirect targets, or with a regex).
URLs with parameter names like redirect, redir, url, exit, external-link, q, page, goto, etc. should be avoided. The parameter could be called anything, but you need to be careful.
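As an added example (not code from the original post), here is a Python redirect-target check of the allowlist kind described above; the allowed host names and the fallback path are constructed for the example. It prefers an exact host allowlist over a regex and also handles the inputs a bare pattern match tends to miss, such as protocol-relative URLs, backslashes, non-http schemes and credentials embedded in the URL.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: hosts the application may redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com", "accounts.example.com"}
SAFE_FALLBACK = "/"  # where to send the user when the target is rejected


def safe_redirect_target(target: str) -> str:
    """Return `target` if it is an acceptable redirect destination, else SAFE_FALLBACK.

    Accepted:
      - site-local paths such as "/account" (but not "//host" or "/\\host")
      - absolute http(s) URLs whose host is exactly in ALLOWED_HOSTS
    Rejected: other schemes (javascript:, data:), protocol-relative URLs,
    hosts outside the allowlist, and userinfo tricks like
    "https://example.com@malicious.example.com".
    """
    if not target:
        return SAFE_FALLBACK
    target = target.strip()
    # Control characters confuse URL parsers and browsers differently; refuse them.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return SAFE_FALLBACK
    # Browsers treat a backslash like a forward slash, so normalise before parsing.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: allow a single-slash path only, never "//host".
        if normalised.startswith("/") and not normalised.startswith("//"):
            return normalised
        return SAFE_FALLBACK
    if parts.scheme not in ("http", "https"):
        return SAFE_FALLBACK
    # Credentials in the URL are a classic trick to make the host look trusted.
    if parts.username is not None or parts.password is not None:
        return SAFE_FALLBACK
    host = (parts.hostname or "").lower()
    if host in ALLOWED_HOSTS:
        return normalised
    return SAFE_FALLBACK
```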
Okay.
I think I have been able to achieve what I wanted to do with this particular article. It's not necessarily to teach you about open redirects but to enlighten you about their harm. I think I've done a bit of both. Now, it's your turn to do more research.
Thanks for reading, peace.