Logical Exploits Of Arbitrary URL Jump 2023

By XiaoXin
A Bit Randomly

Kernel:Desktop environments:Programming languages:Security:Other improvements:Debian 11 "Bullseye" is a version of the Debian operating system, which is a popular choice for servers and other systems that require a stable ... Read What's New In Debian 11 "Bullseye"?

Main Contents

Logical Exploits Of Arbitrary URL Jump

The url redirection vulnerability is also called exploit redirection vulnerability, which can redirect the user to the page constructed by the attacker himself. Simply put, it can jump to any specified url. Generally appear in the verification jump, sso login and other positions.

The server does not check and control the incoming redirect url variable, which may lead to the malicious construction of any malicious address, and induce users to jump to malicious websites.

  • Phishing
  • Cooperate with CSRF to operate dangerous requests
  • Cooperate with XSS to execute JS to steal cookies
  • Mating browser vulnerability (CVE-2018-8174)

You can jump to the corresponding page after replacing the url parameter, but some websites may restrict the url jump, you can try to bypass bypass.

Please Share This Article Thank You!

Parts of E-Commerce System Security Checklist
Payment Logic Vulnerability of E-Commerce

Vulnerabilities caused by imprecise logic in the payment link are called payment loopholes. Test ideas As long as there are parameters, they can be modified, and there may be problems. Usually use two accounts to comp...

Logical Exploits Of Brute Force, Password Recovery

Brute Force / Credential Stuffing  First, if there is no verification code or the verification code can be bypassed, try to log in with the account password 5 or 10 times to check whether the target account is banned....