Hi Everyone,
Recently I found bug on Avast platform which is open redirection.
Open Redirect vulnerability allows attacker of an web application to redirect users to any external sites. Here, there is no validation of the passed input by attacker. This is basically used in phishing attacks.
OR
Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application’s access control check and then forward the attacker to privileged functions that they would normally not be able to access.
The vulnerability was a sneaky one, instead of writing a long article I decided to record it.
PS: Enjoy the song :)
You can watch the video on Youtube
OR
Video POC:-
I would really be very glad to hear your feedback.
Thank you.
EmoticonEmoticon