Introduction
Open redirects are pretty dangerous, not because of their impact but because of how easily they can be hidden. We will be exploring some general tips later on but first we need to explain what open redirects are.
The best way to do that in my experience is by example so we will again be building a lab and hacking it before we try to secure it. Open redirects happen when the application redirects the users but does not check the user is sent to the proper resource. Instead, no check is done and every malicious actor could insert their own link into the request and make it appear as if their website is affiliated with the one they are attacking in order to scam people.
I’ve foreseen a space on my FTP server where you can create your own labs. You are going to create them, hack them, and secure them before you learn what I mean by using the right filter for the right job.
Make a connection
THE SERVER GETS ERASED EVERY 24 HOURS
- [ ] FTP connection: hackxpert.com
- [ ] User: Training
- [ ] Password: test
- [ ] Create a new file on the server
- [ ] Use “nickname.php” for example “rat.php” where the nickname can be anything, as long as you can copy and paste it
Let’s create an open redirect
Enter the following code in your file and upload it to the server.
if(isset($_GET[‘url’])){ $redirect_url = $_GET[‘url’]; header(“Location: “ . $redirect_url); }
?>
<form action=YOUR_FILE.php method=”GET”> URL:<input type=”text” id=”url” name=”url”><br> <input type=”submit”> </form>
Take care to replace
<form action=YOUR_FILE.php method=”GET”> With your actual filename
Let’s hack it
Now you should be able to navigate to https://www.hackxpert.com/Training/YOUR_FILE.php
Since you know what an open redirect is, can you guess what the problem here is?
