This video gives me a ton of information in a clear, logical way in 8 min! I didn't understand or remember it all, but I can do research on the topic easily! Thank you! This is helpful.
I wish, but he's too good. I'm not even close to his knowledge/experience level and he's a person I look up to. For now, yes, I'll be focusing on Web, others later.
What a great detailed video.. really loved it! Next time I will just forward this video link whenever anyone asks me about open redirects. You got me subbed and I will wait for more content from you :)
With your download Chrome example, don't most browsers tell you where the file is downloaded from? Firefox would say "ChromeSetup" for what you downloaded and in a smaller line below it "Downloaded from attacker's website". Could this possibly be faked in a dangerous way (something like how Mega does downloads? completely on the page and only sends your browser the finished file, which I guess is intended for stuff you make in-browser, the browser should handle remote downloads, right?) or does the attack only work on browsers that don't tell you which server it downloaded the file from?
YOOOO Social Engineering is an essential skill because we all know when 'something' does not break from the outside it does from the inside, and of course the human factor will always be vulnerable.
I was looking for an Olivia Rodrigo audio file, and I found a website that redirected me to some website where the screen said something about my iPad having 19 viruses....
How can someone use an open redirect to take over an account? - Password tokens are not listed anywhere. How can the hacker find the token? - Even if the token is found, there is a HIGH chance it is expired. - Even if the token is found, the token is deleted right after the password reset. Also, if the hacker has the token, why not directly reset the password himself?
In the given example, the token leak could have been easily prevented by sending the token in the body or header, not as a part of the URL. But yeah, I was wrong, method has nothing to do with it. It's about having the token in the URL.
MAN!!! Your explanation just drilled the concept hole in my brain! I finally understand how this is a vulnerability, and the Thomas example was the cherry on the cake! It gave a good understanding~
If I make an open redirect and it redirects out of the site, I show a warning that you are leaving the site. (I coded it so every time ANY redirect is run it shows the warning first, then redirects to the target after accepting. It shows the URL it is redirecting to, with a fat warning text.)
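The warn-before-leaving approach from the comment above, as an added example (not the commenter's code). `SITE_ORIGIN`, the `/leaving` interstitial path and the sample targets are assumptions constructed for illustration.

```javascript
// Assumed origin of the site that owns the redirect endpoint (hypothetical).
const SITE_ORIGIN = "https://shop.example";

// Decide what to do with a user-supplied redirect target:
//   redirect -> same-origin, follow it using the normalised path
//   warn     -> off-site, send the user to an interstitial that shows the real host
//   reject   -> unparseable, non-HTTP scheme, or ambiguous characters
function classifyRedirect(target) {
  if (typeof target !== "string" || target.length === 0) {
    return { action: "reject", reason: "empty target" };
  }
  // Backslashes and control characters are normalised differently by
  // browsers and servers, so refuse them instead of guessing.
  if (/[\u0000-\u001f\\]/.test(target)) {
    return { action: "reject", reason: "control character or backslash" };
  }
  let url;
  try {
    // Resolve the way a browser would, so "//host" and "user@host" tricks
    // are judged by where they actually lead.
    url = new URL(target, SITE_ORIGIN);
  } catch {
    return { action: "reject", reason: "unparseable" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { action: "reject", reason: "scheme " + url.protocol };
  }
  if (url.origin === SITE_ORIGIN) {
    // Emit the parsed path, never the raw input string.
    return { action: "redirect", location: url.pathname + url.search + url.hash };
  }
  return {
    action: "warn",
    display: url.hostname, // host to show in the warning text
    location: "/leaving?to=" + encodeURIComponent(url.href),
  };
}

// Constructed sample targets.
for (const t of ["/account?tab=1", "//evil.example/login",
                 "https://shop.example@evil.example/", "javascript:alert(1)"]) {
  console.log(t, "->", JSON.stringify(classifyRedirect(t)));
}
```

The warning page should print `display` (the parsed hostname) rather than the raw parameter, since a target such as `https://shop.example@evil.example/` reads like the site's own name but resolves to the other host.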
Hey! If the website, instead of redirecting to another domain, loads content from the domain you select, does that count as a vulnerability? How can I exploit it?
From the `Referer` header, which contains the address of the previous web page, and in the URL there's the token. Only exploitable if the token is not expired or reusable or not used.