Open Redirect in openwhyd/openwhyd
Valid
Aug 26th 2021
There is an open redirect in the following URL:
After the user agrees to the site policy, they will be redirected to my blog! It's an open redirect.
🕵️‍♂️ Proof of Concept
1- Open the link: https://openwhyd.org/consent?redirect=https://mdakh404.github.io
2- Agree on the conditions
3- Click on submit, you will be redirected to [my own blog](https://mdakh404.github.io).
Open redirect is one of the most useful attacks for phishing. Users are the targets of phishing attacks; such attacks may target the integrity of the user and, depending on the user's security awareness, some may download malicious files, etc. A lot can be done using an open redirect.
📍 Location
consent.js#L57-L59
📝 References
Portswigger's Open Redirect Article
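One way to close this class of bug is to validate the `redirect` parameter before using it. The following is an added example, not openwhyd's code or its actual fix; `SITE_ORIGIN` and `safeRedirectTarget` are hypothetical names, and it assumes only same-site paths are legitimate post-consent destinations.

```javascript
// Added example (not from the openwhyd code base).
// Assumption: after consent, users should only ever land on a same-site path.
const SITE_ORIGIN = 'https://openwhyd.org'; // assumed canonical origin

// Returns a same-origin path that is safe to redirect to, or `fallback`.
function safeRedirectTarget(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;

  // Browsers strip tabs/newlines and treat "\" like "/", so a value that looks
  // like a path can still resolve to another host. Refuse those outright.
  if (/[\x00-\x1f\x7f\\]/.test(raw)) return fallback;

  // Accept only site-relative paths: exactly one leading slash.
  // This rejects absolute URLs, "javascript:" URIs and scheme-relative "//host".
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;

  // Defence in depth: resolve against our origin and confirm it did not change.
  let url;
  try {
    url = new URL(raw, SITE_ORIGIN);
  } catch {
    return fallback;
  }
  if (url.origin !== SITE_ORIGIN) return fallback;

  // Rebuild the target from parsed components, never from the raw input.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: the value from the report plus common variants.
const samples = [
  'https://mdakh404.github.io', // absolute URL from the proof of concept
  '//mdakh404.github.io',       // scheme-relative
  '/\\mdakh404.github.io',      // backslash variant
  '/u/123?tab=likes#top',       // legitimate same-site path (constructed)
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

In a consent handler, the result of `safeRedirectTarget(req.query.redirect)` would be passed to the redirect call in place of the raw query value.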