[Owasp-leaders] A query regarding Unvalidated redirect

Michael V. Scovetta michael.scovetta at gmail.com
Wed Jan 3 21:00:35 UTC 2018


Hi Ankush,
  How did your colleague replace the location parameter? Usually, this is
vulnerable if there's something like
https://blah.com?redirect=https://evil.com and then the server takes the
https://evil.com and sticks it into the location parameter. The attack is
that I just send you an email with a link to
https://your-trusted-bank.com?gobblygook, which of course you trust because
it's your bank website, and then you get prompted for creds at
https://y0ur-trusted-bank.com which you don't notice is different, because
phishing... etc.

Mike

On Wed, Jan 3, 2018 at 9:22 AM, Ankush Mohanty <ankush.mohanty at owasp.org>
wrote:

> Dear leaders,
>
> One of my colleagues got an issue on a *302 Found* response. He just
> replaced the *Location* parameter with an external domain (www.google.com)
> and was redirected to the external domain without hesitation. According to
> OWASP Top 10 2012 A10 (Am I vulnerable... point no 2) it should be a
> vulnerability.
>
>
> Attaching the screenshot of the 302 response. Please let me know whether
> I am correct or not.
>
>
> Thanks & Regards
> Ankush Mohanty
> --
> Thanks and Regards
> Ankush Mohanty
> Cuttack Chapter Lead


-- 
-[ Michael Scovetta ]-
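The server-side behaviour Mike describes (copying the redirect parameter straight into the Location header) is what an allowlist check prevents. As an added example that is not part of the thread, the Python function below (hypothetical name; the bank hostnames are placeholders) returns a Location value that can only point back at the site's own hosts, and it also rejects the protocol-relative, backslash, userinfo and lookalike-host variants that a plain "does it start with our domain" check misses.

```python
from urllib.parse import urlsplit, urlunsplit

# Placeholder allowlist for the example; a real deployment would load its own hosts.
ALLOWED_HOSTS = {"your-trusted-bank.com", "www.your-trusted-bank.com"}
DEFAULT_TARGET = "/"


def safe_location(redirect_param: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Return a Location value derived from a user-supplied redirect parameter.

    Accepted: a site-relative path, or an https URL whose host is exactly on
    the allowlist. Anything else falls back to DEFAULT_TARGET, so the server
    never emits a Location pointing at an attacker-chosen host.
    """
    value = (redirect_param or "").strip()
    if not value:
        return DEFAULT_TARGET
    # Control characters (CR/LF/TAB) could split the header or be ignored by
    # the browser's URL parser; treat them as a rejection, not a cleanup.
    if any(ord(c) < 0x20 for c in value):
        return DEFAULT_TARGET
    # Browsers treat backslashes as slashes, so "/\evil.com" is "//evil.com".
    value = value.replace("\\", "/")
    # Two or more leading slashes is a protocol-relative URL ("//evil.com",
    # "///evil.com"), not a local path, even though urlsplit may say otherwise.
    if value.startswith("//"):
        return DEFAULT_TARGET
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # Site-relative target: keep path and query, drop the fragment.
        path = parts.path if parts.path.startswith("/") else "/" + parts.path
        return urlunsplit(("", "", path, parts.query, ""))
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return DEFAULT_TARGET
    # Exact host match defeats "y0ur-trusted-bank.com", "your-trusted-bank.com.evil.com"
    # and "your-trusted-bank.com@evil.com" (the latter puts our name in userinfo).
    if (parts.scheme == "https" and parts.hostname in allowed_hosts
            and port in (None, 443) and not parts.username):
        return urlunsplit(("https", parts.hostname, parts.path or "/", parts.query, ""))
    return DEFAULT_TARGET
```

The vulnerable pattern from the thread is simply `return redirect_param`; the function above is the drop-in replacement for that line.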