Open redirect vulnerability example

What is Open Redirect Vulnerability



Application Vulnerable to Open Redirect Attacks

Your application is vulnerable to open redirect attacks if both of the following conditions are true:

The application redirects to a URL that is supplied by the request, for example in the querystring or in posted form data.

The redirect is performed without checking whether that URL is a local URL (or at least belongs to a known, trusted site).

What is Open Redirect Vulnerability

When an unauthenticated user requests a protected page, the application redirects them to the login page and includes a returnUrl querystring parameter, so that the user can be sent back to the originally requested URL after they have successfully logged in.

A malicious user can abuse this returnUrl querystring parameter, because the application redirects to whatever value it contains, to initiate an open redirect attack.

Open Redirect Vulnerability Example

The user of your application is tricked into clicking a link in an email. The link points at the authentic site's login page, but its returnUrl parameter is set to the attacker's website.

The user logs in on the authentic site. Because the login succeeds, the authentic site redirects the user to the returnUrl, that is, to the attacker's website. The login page of the attacker's website looks exactly like the authentic site's login page.

The user logs in again on the attacker's website, thinking that the first login attempt was unsuccessful.

The attacker records the credentials and then redirects the user back to the authentic site, where the user is already logged in from the first, genuine login.

During this entire process the user does not even notice that their credentials have been stolen.

Prevent open redirect attacks in ASP.NET Core

We have an open redirect vulnerability because the URL is supplied to the application in the querystring and we simply redirect to that URL without any validation. That missing validation is what makes the application vulnerable to open redirect attacks.

To prevent open redirect attacks, check that the provided URL is a local URL, or only ever redirect to an allow-list of known, trusted websites.

ASP.NET Core has built-in support for local redirection. Simply use the LocalRedirect() method. If a non-local URL is specified, an InvalidOperationException is thrown when the redirect result executes, so the user is never sent off-site. Note that LocalRedirect() also throws an ArgumentException when the URL is null or empty, so guard against a missing returnUrl before calling it.

public IActionResult Login(string returnUrl)
{
    // LocalRedirect() refuses any URL that is not local to this application,
    // so a returnUrl pointing at another host throws instead of redirecting.
    return LocalRedirect(returnUrl);
}

If you prefer to make the decision yourself, check whether the provided URL is a local URL with the Url.IsLocalUrl() method, and fall back to a known safe page when it is not. IsLocalUrl() returns false for null and empty values, for absolute URLs such as https://..., and for protocol-relative URLs that start with // or /\, which browsers would otherwise treat as a different host.

public IActionResult Login(string returnUrl)
{
    // Only honour returnUrl when it stays on this site; anything else
    // (null, absolute URL, //host, /\host) goes to the home page instead.
    if (Url.IsLocalUrl(returnUrl))
    {
        return Redirect(returnUrl);
    }
    else
    {
        return RedirectToAction("index", "home");
    }
}
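The two conditions above (a request-supplied URL, redirected to without a local-URL check) and the fix (validate before redirecting) are easiest to see side by side on concrete attacker inputs. The following is an added example, not code from the original page or from ASP.NET Core: a Python re-implementation of the local-URL rules that, as far as this example's author understands them, Url.IsLocalUrl() applies (a leading "/" or "~/", not followed by a second "/" or "\", and no control characters), placed beside the naive "starts with a slash" check that many hand-written fixes use. The payload list and the attacker.example host are constructed for the demonstration. In an ASP.NET Core application you would call Url.IsLocalUrl() or LocalRedirect() rather than porting this logic.

```python
"""Checking a returnUrl before redirecting: the naive check beside the hardened one.

Added example, not code from the original page or from ASP.NET Core.
is_local_url() is a Python re-implementation of the rules this example's
author understands ASP.NET Core's Url.IsLocalUrl() to apply; use it to see
which attacker-supplied values a "starts with /" check would wrongly accept.
"""
from typing import Optional
from urllib.parse import unquote


def naive_is_local(url: Optional[str]) -> bool:
    """The tempting but broken check: 'it starts with a slash, so it stays on our site'."""
    return bool(url) and url.startswith("/")


def is_local_url(url: Optional[str]) -> bool:
    """Local means: starts with '/' or '~/', is not protocol-relative, has no control chars."""
    if not url:
        return False
    if url[0] == "/":
        rest = url[1:]
    elif url[0] == "~" and len(url) > 1 and url[1] == "/":
        rest = url[2:]
    else:
        # Absolute URLs (https://..., javascript:...) and anything else are not local.
        return False
    # Browsers treat "//host/path" and "/\host/path" as protocol-relative absolute URLs,
    # so a second slash or a backslash right after the prefix means an off-site redirect.
    if rest[:1] in ("/", "\\"):
        return False
    # Control characters (tab, CR, LF, NUL...) after the prefix can confuse URL parsers.
    return not any(ord(c) < 0x20 or ord(c) == 0x7F for c in rest)


def accepts_raw_query_value(raw: str) -> bool:
    """Model binding hands the action the percent-DECODED value, so validate after decoding.
    A check run on the raw '%2F%2Fattacker.example' text would miss the '//' bypass."""
    return is_local_url(unquote(raw))


def choose_redirect_target(return_url: Optional[str], fallback: str = "/") -> str:
    """The hardened decision: honour return_url only when it is local, otherwise go to fallback."""
    return return_url if is_local_url(return_url) else fallback


# Constructed sample inputs: values an attacker (or a legitimate user) might put in ?returnUrl=
PAYLOADS = {
    "/Home/Privacy": True,
    "~/Account/Manage": True,
    "/": True,
    None: False,
    "": False,
    "https://attacker.example/Account/Login": False,
    "//attacker.example/Account/Login": False,
    "/\\attacker.example/Account/Login": False,
    "~//attacker.example": False,
    "javascript:alert(document.domain)": False,
    "/\tattacker.example": False,
}


def bypasses_of_naive_check() -> list:
    """Payloads the naive check lets through but the hardened check rejects."""
    return [p for p in PAYLOADS if p and naive_is_local(p) and not is_local_url(p)]


if __name__ == "__main__":
    for url, expected in PAYLOADS.items():
        verdict = is_local_url(url)
        assert verdict == expected, url
        print(f"{str(url)!r:45} naive={naive_is_local(url)!s:5} hardened={verdict}")
    print("naive check bypassed by:", bypasses_of_naive_check())
```

Running the block prints one line per payload; the three entries in the final list are the ones a "starts with /" check accepts even though each of them sends the browser to attacker.example. The accepts_raw_query_value() helper makes the decoding point explicit: the action receives "//attacker.example" for a link carrying returnUrl=%2F%2Fattacker.example, so the check must run on the decoded value the framework actually binds.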
Comments

I am sure nobody explains these things in general. You are out of the box Venkat!

Praveen.Kumar.

Simple, clear and direct as always, thanks man

foxlatinomx

Thank you for this video. I will start making sure to check return urls.

flygonfiasco

Hello Venkat, thank you for this video, but my returnUrl is always NULL. I have read a lot on StackOverflow and other c# forums, but have found NO solutions. What am I doing wrong? Any ideas? Thank you!

steveclements

Thanks Venkat. Wish you a nice day :)

dhliu

Help me, when I changed the username and tried to log in again, I got "Invalid Login attempt". After switching back to the original username, it worked normally.

gabidepchai

But how can the attacker provide a link to his url while he is not even using the application?

mohdtalha

what programming language is being used?

tregalaxy

Sir, I have an error in video 71 and I can't solve it. Can you help me solve the problem, sir?

pujakriraut

Can anyone help me with a .NET MVC web application vulnerability? I will pay if someone provides a proper solution.

Dhagand