Learning more things: Open Redirect
I am making it a point to study and read up on lots of things that will help me improve my skillset. This book, Web Hacking 101, is free from HackerOne.
I'm going through it, trying to understand concepts and writing a little bit about what I learn. This is not based on my own research or findings, it's just lots of Google searches, reading books and watching YouTube. Really, the purpose of these posts is for me to force myself to better absorb the information I'm reading by actively trying to undertand it.
What's open redirect?
It's when you can visit a specific URL and the website redirects you to another URL without proper validation. It can be on a completely different domain.
It can look something like this:
https://www.tacos.com?redirect_to=https://www.nottacos.com
If the redirect isn't being properly validated, you can be redirected to a malicious site. When you meant to go to taco.com, you end up redirected to nottacos.com, which is hosted by the attacker.
Here's an OWASP cheatsheet that goes over a few of the basics.
It shows a few examples of safe code vs bad code.
Unvalidated Forwards
Somewhat related, is an unvalidated forward. According to OWASP:
When applications allow user input to forward requests between different parts of the site, the application must check that the user is authorized to access the URL, perform the functions it provides, and it is an appropriate URL request.
Here's their example:
http://www.example.com/function.jsp?fwd=admin.jsp
This could potentially give the attacker the ability to craft a URL that bypasses access control by fowarding them to admin.jsp.
Always trying to learn
I'm always focused on trying to learn things. These may not be the coolest or biggest things around, but if I keep reading and picking up new things little by little, one day I will have a whole lot more knowledge than I do today.