URL redirection Exploit


- What is URL redirection?

- I am a developer; how can I protect my script from URL redirection?

- I am a user; how can I protect myself from phishing and malicious links?

Description

An open redirect is a flaw in which an application takes a URL from a request parameter and sends the user to it without validating it. It is used in phishing attacks to get victims to visit malicious sites without realizing it: the link they click points at a site they trust, and that site forwards them to the attacker.

URL redirection is sometimes used as part of phishing attacks that confuse visitors about which website they are visiting. Spammers love open redirects, because a link that goes through a trusted domain is far less likely to be filtered or distrusted.

A remote attacker can redirect users from your website to a URL of their choice. This helps the attacker conduct phishing, distribute trojans, deliver spam, and send victims to malicious websites hosting exploit kits.

How it works, and how to fix it

URL redirection is usually found in form inputs, for example a "return to" URL that the application redirects to after validating the user's credentials, or in JavaScript code that reads a destination from the page URL and assigns it to the location.

That means that, to protect your script, you must validate the redirect target instead of trusting user input: accept only relative paths on your own site or hosts on an explicit allow list, and fall back to a fixed page otherwise. Blacklisting the string "http://" is not enough, because browsers also accept protocol-relative ("//evil.com"), backslash ("/\evil.com") and userinfo ("https://trusted.com@evil.com") forms that a plain substring check misses.

Example (the attacker controls Target-Website.com and sends the victim a link that starts with Vulnerable-Website.com):

http://Vulnerable-Website.com/?url=http://Target-Website.com

http://Vulnerable-Website.com/login.php?failed=http://Target-Website.com
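The validation described above, as an added example in Python that is not part of the original article: the unchecked pattern beside a hardened version of the same ?url= handling. The host names in ALLOWED_HOSTS, the function names and the attack strings are assumptions constructed for illustration. The hardened check parses the URL instead of matching on strings, because browsers treat a backslash like a slash, strip tabs and newlines, read "trusted.com@evil.com" as host evil.com, open "http:evil.com" as http://evil.com, and collapse "///evil.com" to "//evil.com".

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this site may redirect to (example names).
ALLOWED_HOSTS = frozenset({"vulnerable-website.com", "www.vulnerable-website.com"})


def vulnerable_redirect_target(url_param):
    """The open-redirect pattern: whatever arrives in ?url= becomes the
    Location header, so http://Target-Website.com is accepted as-is."""
    return url_param


def safe_redirect_target(url_param, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return url_param only if it is a local path or an http(s) URL on an
    allowed host; otherwise return `default`. The checks follow how browsers
    parse URLs, which is where naive string checks go wrong."""
    if not url_param:
        return default
    # Browsers ignore surrounding whitespace and treat '\' like '/', so
    # normalise first; "/\evil.com" must be seen as "//evil.com".
    target = url_param.strip().replace("\\", "/")
    # Browsers strip tabs and newlines before parsing ("/\tevil.com"), which
    # defeats substring checks; reject any remaining control character.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target. Exactly one leading slash: "//host" is
        # protocol-relative and browsers collapse "///host" to "//host".
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    if parts.scheme not in ("http", "https"):
        # Rejects javascript:, data:, ftp: and also "//evil.com" (empty scheme).
        return default
    # .hostname is lower-cased, drops the port and strips userinfo, so
    # "https://www.vulnerable-website.com@evil.com/" yields "evil.com".
    # "http:evil.com" has no netloc in urlsplit, so hostname is None and it
    # is rejected here as well.
    host = parts.hostname
    if not host or host not in allowed_hosts:
        return default
    return target


if __name__ == "__main__":
    # Constructed attack strings a tester would try against the ?url= parameter.
    probes = [
        "/account?tab=1",
        "https://www.vulnerable-website.com/account",
        "http://Target-Website.com",
        "//evil.com",
        "///evil.com",
        "/\\evil.com",
        "http:evil.com",
        "https://www.vulnerable-website.com@evil.com/",
        "https://www.vulnerable-website.com.evil.com/",
        "javascript:alert(1)",
        "/acc\tount",
    ]
    for p in probes:
        print(f"{p!r:48} vulnerable -> {vulnerable_redirect_target(p)!r:48} "
              f"safe -> {safe_redirect_target(p)!r}")
```

Use the return value of safe_redirect_target as the Location header (or the PHP header("Location: ...") argument) and nothing else; the fall-back to "/" means a tampered link simply lands the user on your own front page.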


How attackers and spammers use it

- Fake login page. Example: a fake Facebook or Twitter login page, reached through a link that starts with the real site's domain, which steals the victim's credentials.

- Keeping spam links from being blocked on social media such as Facebook: the posted link points at a trusted domain, and only the redirect leads to the spam site.

- Redirecting victims to racist, ethnic-hate and similar websites.

How can I know whether a link is safe?

There are several things you should do to protect yourself from malicious links:

- Look at the URL that actually opens, not the text of the link. Example: facebook.com is different from facebook.freeh.com; the site you are really on is the domain immediately before the top-level domain (freeh.com here), whatever appears in front of it.

- Keep your antivirus up to date. I recommend using Essential Security.

- Do not open links that use bait phrases such as "click to win $10,000", "free mobile credit", "claim your money now", etc.
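The address-bar check from the first point above, as an added Python example that is not from the original article: it extracts the site a link really opens, so that facebook.freeh.com is compared as freeh.com and a "facebook.com@evil.com" link as evil.com. The suffix set is a tiny stand-in (an assumption); a real checker uses the full Public Suffix List. The function names and the sample links are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption: a stand-in for the Public Suffix List, which real checkers
# (browsers, the publicsuffix2 package) consult in full.
TWO_LABEL_SUFFIXES = frozenset({"co.uk", "com.au", "co.jp"})


def registered_domain(url: str) -> Optional[str]:
    """Return the registrable domain of the site a URL actually opens, i.e.
    the part a user should compare with the site they expect.
    'https://facebook.freeh.com/login' -> 'freeh.com', not facebook.com."""
    host = urlsplit(url.strip()).hostname   # lower-cased, no userinfo, no port
    if not host:
        return None
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        return host                          # e.g. 'localhost'
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def looks_like(url: str, expected_domain: str) -> bool:
    """True only if the link really leads to expected_domain (or a subdomain)."""
    return registered_domain(url) == expected_domain.lower()


if __name__ == "__main__":
    # Constructed sample links of the kind seen in phishing messages.
    for link in ["https://www.facebook.com/login",
                 "https://facebook.freeh.com/login",
                 "https://facebook.com.evil.com/",
                 "https://facebook.com@evil.com/",
                 "https://www.example.co.uk/"]:
        print(f"{link:42} opens {registered_domain(link)!r:20} "
              f"facebook? {looks_like(link, 'facebook.com')}")
```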


What else do you know about URL redirection? Comment below and we can update this article together.

 

Regards . 

khalil-shreateh.com

FB.com/khalil.shr