I have tested a domain for the following:
Host header injection leading to open redirect
I want to know:
How can I use my gathering to exploit what I have already found?
P.S.: What I am doing is absolutely ethical (I have permission to test on this domain; I am a trainee there).
Summary:
I have found an open redirect vulnerability by injecting into the "Host" header of some domain. Used BurpSuite. Image description below in Output.
Browsers verified:
Chrome v74 and Firefox v60
Steps to reproduce:
Navigate to website vulnerable to this
Capture request with burp suite and modify the host header value with the target domain and forward the request.
You will get a 302 response with location to the target domain.
The image I have as output, a BurpSuite screenshot, is similar to this (reference):
https://cdn-images-1.medium.com/max/1600/1*Ivym4NpAjuah0ljdDxkpdA.jpeg
I want to know ways to further exploit this vulnerability.
I have thought about phishing. (Redirect the user to an attacker controlled page which would lead to phishing.)
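
The redirect behaviour from the reproduction steps, seen from the server side, as an added example that is not part of the original post: a handler that builds `Location` from the `Host` header, next to one that accepts only allowlisted hostnames. The hostnames, `ALLOWED_HOSTS`, `CANONICAL_HOST` and all function names are assumptions made for illustration, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Assumption: hostnames this deployment legitimately serves (constructed values).
ALLOWED_HOSTS = {"app.example.test", "www.example.test"}
CANONICAL_HOST = "app.example.test"

# Constructed sample requests (not captured traffic).
NORMAL = b"GET /login HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
TAMPERED = b"GET /login HTTP/1.1\r\nHost: attacker.example.net\r\n\r\n"


def parse_host(raw_request: bytes) -> str:
    """Return the Host header value from a raw HTTP/1.1 request ('' if absent)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip()
    return ""


def redirect_vulnerable(raw_request: bytes, path: str) -> str:
    """Pattern behind the reported 302: Location is built from the Host header."""
    return f"https://{parse_host(raw_request)}{path}"


def normalise(host: str) -> str:
    """Lower-case the host and drop any port; return '' if it is malformed."""
    try:
        parsed = urlsplit(f"//{host}")
        _ = parsed.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ""
    if parsed.path or parsed.query or parsed.fragment or parsed.username:
        return ""
    return (parsed.hostname or "").rstrip(".")


def redirect_hardened(raw_request: bytes, path: str) -> str:
    """Trust the client-supplied Host only if allowlisted, else use the canonical name."""
    host = normalise(parse_host(raw_request))
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    return f"https://{host}{path}"
```

Rejecting the request with a 400 instead of falling back to the canonical name is an equally valid choice for the non-allowlisted case.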