“There is no delight in owning anything unshared.”

URL redirection Vulnerability in Google & Facebook

A vulnerability is a security breach. URL redirection is kind of fishy.

An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered, unmanaged fashion, which could be used to redirect victims to unintended, malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Vulnerability in Google: – Reported by Ucha Gobejishvili (longrifle0x)

https://accounts.google.com/o/oauth2/auth?redirect_uri=http://www.something.com

Vulnerability in Facebook: – Discovered by ZeRtOx from Devitel group

http://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com

Impact:

  • The user may be redirected to an untrusted page that contains malware which may then compromise the user’s machine.
  • The user may be subjected to phishing attacks by being redirected to an untrusted page.
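The fix for the pattern described above is to validate the redirect parameter before using it. The sketch below is an added example, not code from Google, Facebook or this post; the allowlisted hosts, the fallback path and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: the hosts a hypothetical application trusts,
# and the page it falls back to when a target is rejected.
ALLOWED_HOSTS = frozenset({"www.example.com", "accounts.example.com"})
FALLBACK = "/"


def unsafe_redirect_target(param):
    """Vulnerable pattern: the request parameter is used as-is."""
    return param


def safe_redirect_target(param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return param only if it is a local path or an allowlisted https URL."""
    # Browsers treat "\" like "/" and ignore some control characters, so a
    # value containing either can parse differently here than in the browser.
    if not param or any(ord(c) <= 0x20 or c == "\\" for c in param):
        return fallback
    try:
        parts = urlsplit(param)
        host = parts.hostname
    except ValueError:  # e.g. a malformed IPv6 literal in the host part
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a single-slash absolute path.
        # Browsers resolve "//host" and "///host" to an external host.
        if param.startswith("/") and not param.startswith("//"):
            return param
        return fallback
    if parts.scheme != "https" or parts.username is not None:
        return fallback  # rejects http:, javascript:, data: and user@host forms
    return param if host in allowed_hosts else fallback
```

The comparison is an exact match on the parsed hostname; substring or prefix checks on the raw string are what let look-alike hosts through.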

~~Information shared for awareness purpose~~
