Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/qeeqbox/open-redirect

A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file

README

        

A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file

## Example #1
1. The threat actor crafts an email with a malicious redirection request for a vulnerable target and sends the email to a victim
2. The victim clicks on the email and sends the request to the vulnerable target
3. The target processes the malicious redirection request and sends the redirect back to the victim
4. The victim's browser redirects the user to a malicious website

## Code
#### Target-Logic
```js
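const express = require("express");
const app = express();

// Deliberately vulnerable: the user-supplied "redirect" query parameter
// is passed to res.redirect() without any validation.
app.post("/welcome", (req, res) => {
  if (req.query.redirect) {
    res.redirect(req.query.redirect);
  } else {
    res.redirect("/");
  }
});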
```

#### Target-In
```
?redirect=test.com
```

## Impact
Medium

## Names
- Open Redirect

## Risk
- Redirect users

## Redemption
- Input validation
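
One way to apply input validation to the `redirect` parameter from Target-Logic, as an added example that is not part of the original README. `safeRedirectTarget`, `BASE_ORIGIN` and `ALLOWED_HOSTS` are hypothetical names and values chosen for illustration.

```js
// Added example: validate a redirect target before it reaches res.redirect().
// BASE_ORIGIN and ALLOWED_HOSTS are assumed values, not taken from the README.
const BASE_ORIGIN = "https://app.example";         // the application's own origin
const ALLOWED_HOSTS = new Set(["docs.example"]);   // trusted external hosts

function safeRedirectTarget(raw, fallback = "/") {
  // Only a single, reasonably sized string is acceptable (arrays from
  // repeated query parameters and empty values fall back).
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }
  // Control characters and backslashes are normalised differently by
  // browsers and servers, so reject them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let url;
  try {
    // Resolve the way a browser would resolve the Location header.
    url = new URL(raw, BASE_ORIGIN);
  } catch {
    return fallback;
  }

  // Reject non-HTTPS schemes (javascript:, data:, http:) and userinfo tricks
  // such as https://app.example@other.host/.
  if (url.protocol !== "https:") return fallback;
  if (url.username || url.password) return fallback;

  // Same-origin targets are returned as a path so the response never
  // carries an attacker-chosen host.
  if (url.origin === BASE_ORIGIN) {
    return url.pathname + url.search + url.hash;
  }
  // Cross-origin targets must match the allowlist exactly, default port only.
  if (ALLOWED_HOSTS.has(url.hostname) && url.port === "") return url.href;

  return fallback;
}

// In the handler: res.redirect(safeRedirectTarget(req.query.redirect));
```

The comparison is made on the parsed origin and hostname, not on a string prefix or substring of the raw value.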

## Require
- Social Engineering

## ID
cea84b63-1552-47ad-a160-503f1c913390

## References
- [wiki](https://en.wikipedia.org/wiki/Open_redirect)