Posts

Showing posts from January, 2019

A Tricky Open Redirect

Hello Friends,
Today, I'm gonna share one of my coolest findings: how I found an open redirect vulnerability on a private site of Bugcrowd.

Open Redirect:
An open redirect is a security flaw in an app or a web page that causes it to fail to properly validate URLs. An open redirect occurs when a web page redirects to another URL on another domain via user-controlled input.


How I found Open Redirect vulnerability?
In my free time, I was looking for bugs and at the same time, I received an Invitation on Bugcrowd. 
I visited the site and registered an account on that site.
I can't disclose the website name, so let’s assume https://redacted.com

So, I found this normal login endpoint, i.e.

https://redacted.com/login?nextUrl=url

Next, I tried some open redirect payloads on the next parameter, i.e. nextUrl=http://evil.com or nextUrl=//evil.com and others, but nothing worked.
I randomly put evil.com after the next parameter,
i.e.
https://redacted.com/login?nextUrl=evil.com
and after login, the site redirects …
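
A server-side check for the nextUrl values tried above, as an added example that is not part of the original post or the site's code. It assumes legitimate values are always paths on the application's own origin; `checkNextUrl`, `APP_ORIGIN` and `FALLBACK` are hypothetical names.

```javascript
// Added example, not the site's code. APP_ORIGIN reuses the post's placeholder host.
const APP_ORIGIN = "https://redacted.com";
const FALLBACK = "/";

// Decide where to send the user after login. Assumption: legitimate
// nextUrl values are always paths on the application's own origin.
function checkNextUrl(raw) {
  const deny = (reason) => ({ allowed: false, target: FALLBACK, reason });

  if (typeof raw !== "string" || raw === "") return deny("missing");

  // Browsers ignore tabs and newlines inside URLs and treat "\" like "/",
  // so refuse any value containing control characters or a backslash.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return deny("control-or-backslash");

  // Require a rooted path. This rejects absolute URLs (http://evil.com)
  // and bare hosts (evil.com), which must never get a scheme prepended.
  if (!raw.startsWith("/")) return deny("not-a-rooted-path");

  // "//evil.com" is scheme-relative: same scheme, different host.
  if (raw.startsWith("//")) return deny("scheme-relative");

  // Defence in depth: resolve against our origin and confirm it is unchanged.
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return deny("unparseable");
  }
  if (url.origin !== APP_ORIGIN) return deny("cross-origin");

  // Return only path, query and fragment, never a caller-supplied host.
  const target = url.pathname + url.search + url.hash;
  return { allowed: true, target, reason: "ok" };
}

// Constructed sample inputs: the three values from the post plus one local path.
const samples = ["http://evil.com", "//evil.com", "evil.com", "/account?tab=1"];
for (const s of samples) {
  const r = checkNextUrl(s);
  console.log(JSON.stringify(s), "->", r.target, `(${r.reason})`);
}
```

The bare-host value is refused by the rooted-path rule, so the redirect code never has to guess whether a value without a scheme is a path or a hostname.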

Tabnapping Vulnerability in Edge Browser [Unpatched]

Hello Friends,

Recently, I found a bug in the Edge browser which allows hackers to perform a tabnapping attack because the browser doesn't support the rel="noopener" tag.

If you don't know about tabnabbing or tabnapping, then visit this
https://www.hackerinside.me/2018/09/what-is-tabnabbing-and-tabnapping.html 


PoC:

Open the Edge browser and visit this URL: https://whitehatpentesting.000webhostapp.com/tabnabbing.html



Prevention:

To prevent this, developers should use the complete rel value, i.e. rel="nofollow noopener noreferrer".



Hope Microsoft will fix this bug and other bugs in the future.