
Open Redirect Vulnerability Cheat Sheet Google Links | Now Fixed | #TechTalks

You can change the highlighted part of the URL (the value of the redirect parameter) to any website of your choice, and the user will be redirected to that domain without any redirect check. A user who clicks on it will assume it is a Google domain, but the destination is not.



How do attackers use it?

Let’s assume your company has no idea which of its domains can be used to trigger redirects, and an attacker finds out.

www.yourcompany.com/?btnI&q=attacker.com

Now this ‘attacker.com’ is a complete copy of your website. It doesn’t matter whether you’re in e-commerce, banking, insurance, or something else: attackers can make your customers fill in any details they like, at the cost of the trust you have built over several years.

Note: Often these open redirection URLs are not so simple to detect. The target can be something subtle like www.yourcompany.com/?btnI&q=lkht.io


Google Domains Found Vulnerable

Google failed to validate at least 31 URLs (that we know of) at the application layer. Here’s the list. You can go ahead and click on any of these to see where it takes you.

  1. https://asia.google.com/search?btnI&q=http://www.techtalks4u.com/
  2. http://blogsearch.google.com/search?btnI&q=https://techtalks4u.com/blog/
  3. http://clients1.google.com/search?btnI&q=http://www.techtalks4u.com/
  4. http://images.google.com/search?btnI&q=http://www.techtalks4u.com/
  5. http://mail.google.com/search?btnI&q=http://www.techtalks4u.com/
  6. http://map.google.com/search?btnI&q=http://www.techtalks4u.com/
  7. http://www.google.com/search?btnI&q=allinurl:https://www.techtalks4u.com/
  8. http://appengine.google.com/_ah/logout?continue=http://techtalks4u.com/
  9. https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://techtalks4u.com/ (user must be logged out)
  10. https://google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=http://techtalks4u.com (user must be logged out)
  11. https://www.google.com/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  12. https://www.google.co.nz/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  13. https://www.google.lk/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  14. https://www.google.com.lb/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  15. https://www.google.la/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  16. https://www.google.kz/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  17. https://www.google.com.kw/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  18. https://www.google.co.kr/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  19. https://www.google.kg/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  20. https://www.google.ki/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  21. https://www.google.co.ke/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  22. https://www.google.co.jp/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  23. https://www.google.jo/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  24. https://www.google.com.jm/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  25. https://www.google.je/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  26. https://www.google.it/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  27. https://www.google.is/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  28. https://www.google.im/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  29. https://www.google.ie/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  30. https://www.google.iq/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com
  31. https://www.google.co.id/search?source=www.techtalks4u.com&hl=www.techtalks4u.com&q=www.techtalks4u.com&btnG=www.techtalks4u.com&btnI=www.techtalks4u.com


How to Protect Your Website from Open Redirects?

With dozens of domains and hundreds of web applications, it is often difficult for business owners and security personnel to keep tabs on all of them. It is critical to have a mechanism in place that at least checks for and reports unvalidated redirect vulnerabilities. Patching the issue should be the second step.

Since online business activity changes constantly, manual security checks cannot keep pace with it. AppTrana Free Website Scan is designed to warn you of such vulnerabilities under the critical category. While web application scanning continuously looks for such issues, our web application firewall blocks unvalidated redirects from your domains. You can also request custom POCs from our experts to understand how a hacker could use the vulnerability to attack you and your customers.
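The two halves of the post, the `btnI&q=attacker.com` mechanism described under "How do attackers use it?" and the check-and-report mechanism asked for under "How to Protect Your Website", come together in the following Python example. It is an added illustration, not code from the original post or from AppTrana: a "before" handler that trusts the parameter, a hardened validator with an allow-list of hosts, and a small scanner that flags redirect-style query parameters pointing off-site. The parameter names in `REDIRECT_PARAMS`, the `yourcompany.com` / `google.com` allow-lists and the sample URLs in the test are constructed assumptions.

```python
"""Open-redirect handling: a 'before' handler that trusts the parameter,
a hardened validator, and a scanner that flags redirect-style parameters
pointing off-site. Added example, not code from the original post; the
parameter list and allow-lists are constructed assumptions."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Query parameters that typically carry a redirect target (constructed list;
# 'q' is included because Google's btnI / "I'm Feeling Lucky" treats it as one).
REDIRECT_PARAMS = {"q", "continue", "next", "url", "redirect", "return", "returnTo"}

# Absolute or scheme-relative URL embedded anywhere in a value (captures the authority).
_ABS_URL = re.compile(r"(?:https?:)?//([^/?#\s]+)", re.IGNORECASE)
# Bare hostname with an alphabetic TLD, the source=...&q=www.example.com shape.
_BARE_HOST = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.IGNORECASE)


def host_allowed(host, allowed_hosts):
    """True when host is one of allowed_hosts or a subdomain of one.
    'evilgoogle.com' does NOT match 'google.com'; 'mail.google.com' does."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def vulnerable_redirect_target(param_value):
    """'Before' behaviour: whatever the client sent becomes the Location
    header. This is the defect behind the cheat-sheet links above."""
    return param_value


def is_safe_redirect(target, allowed_hosts):
    """Hardened check: accept only same-site paths or absolute http(s) URLs
    whose host is on the allow-list. Covers //host, backslash, userinfo
    (https://good.com@evil.com), scheme-only and percent-encoded variants."""
    t = unquote(target).strip().replace("\\", "/")   # browsers treat \ as /
    if any(ord(c) < 0x20 for c in t):                 # embedded CR/LF/NUL
        return False
    try:
        parts = urlsplit(t)
    except ValueError:                                # e.g. malformed IPv6 literal
        return False
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False                                  # javascript:, data:, ...
    if not parts.netloc:
        # Relative target: allow '/path' only, not '//host' (scheme-relative)
        # and not 'https:evil.com' (scheme with no authority, path 'evil.com').
        return not parts.scheme and t.startswith("/") and not t.startswith("//")
    return host_allowed(parts.hostname or "", allowed_hosts)


def safe_redirect_target(param_value, allowed_hosts, fallback="/"):
    """Hardened handler: fall back to a fixed same-site path when the
    requested target fails validation."""
    return param_value if is_safe_redirect(param_value, allowed_hosts) else fallback


def find_open_redirects(url, allowed_hosts):
    """Scan a URL's query string and return (param, value) pairs whose value
    points off-site: any embedded absolute URL with a disallowed host (nested
    continue=...?continue=... included), or a bare hostname in a known
    redirect parameter."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = unquote(value)
        # Strip userinfo and port from each captured authority to get the host.
        hosts = [m.split("@")[-1].split(":")[0] for m in _ABS_URL.findall(value)]
        if name in REDIRECT_PARAMS and _BARE_HOST.match(value):
            hosts.append(value)
        if any(not host_allowed(h, allowed_hosts) for h in hosts):
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    # Constructed sample: the cheat-sheet shape from the list above.
    sample = "https://asia.google.com/search?btnI&q=http://www.techtalks4u.com/"
    print(find_open_redirects(sample, {"google.com"}))
    print(safe_redirect_target("http://attacker.com", {"yourcompany.com"}))
```

Run `find_open_redirects` over the links in the list above with `{"google.com"}` as the allow-list and each one is reported, including the nested `continue=` pair (item 9) and the bare-hostname form (items 11 to 31), while an ordinary search URL is not. On the server side, `safe_redirect_target` is the drop-in replacement for using the parameter directly: anything that is not a same-site path or an allow-listed host falls back to `/`.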
