Open-Redirect

https://gitlab.com/jobertabma/vulnerable-code/-/tree/master/open-redirect?ref_type=heads

Step 1: Understand the Vulnerability

The index.php script simply takes the next parameter from the URL query string and appends it to the Location header for redirection
This code does not perform any validation on the next parameter, which allows an attacker to control the redirection destination.

Step 2: Create and Run the Bash Script

1.Create the Bash Script: Create a file named open-redirect.sh and add the provided Bash script to it.

#!/bin/bash
echo $1 > _tmp/strip

php -S 127.0.0.1:8080 -t open-redirect &

open 'http://127.0.0.1:8080/?next=https://hackerone.com'

# Wait for all background processes to finish
wait

- Explanation of the Script:

echo $1 > _tmp/strip: This line writes the first argument passed to the script into a file named strip in the _tmp directory.
php -S 127.0.0.1:8080 -t open-redirect&: This line starts a local PHP server on 127.0.0.1 (localhost) at port 8080, serving files from the open-redirect directory, and runs it in the background.
open 'http://127.0.0.1:8080/?next=https://hackerone.com' Open the URL in the default web browser
wait: This line waits for the background process (the PHP server) to finish

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x open-redirect.sh

3. Run the script:

Expected Outcomes:

Server Start: The PHP built-in server should start and listen on 127.0.0.1:8080.
Redirect Execution: The script should open the default web browser and navigate to the URL http://127.0.0.1:8080/?next=https://hackerone.com.
Redirection Confirmation: Once the browser processes the URL, it should be redirected to https://hackerone.com. This confirms that the index.php script is vulnerable to open-redirect attacks and that the vulnerability has been successfully exploited.

PreviousInsecure direct object references (IDOR)NextPath-Traversal

Last updated 1 year ago