URL redirection Vulnerability in Google & Facebook
Jan 13, 2012
URL redirection Vulnerability in Google

An open redirect is a vulnerability that exists when a script allows redirection to an external site by directly calling a specific URL in an unfiltered, unmanaged fashion, which could be used to redirect victims to unintended, malicious web sites. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

A vulnerability of this kind has been reported in Google by "Ucha Gobejishvili (longrifle0x)". This problem may help an attacker conduct phishing attacks or distribute trojans, and may be abused by spammers.

URL: https://accounts.google.com/o/oauth2/auth?redirect_uri=https://www.something.com

The same vulnerability exists in Facebook, discovered by ZeRtOx from Devitel group:

https://www.facebook.com/l.php?h=5AQH8ROsPAQEOTSTw7sgoW1LhviRUBr6iFCcj4C8YmUcC8A&u=www.something.com

Impact of Vulnerability: The user may be redirected to an untrusted page that contains malwar...