OPEN REDIRECT VULNERABILITIES: ESCALATING TO XSS

This article was originally published at BePractical

INTRODUCTION

A lot of bug bounty hunters report a vulnerability to the program as soon as they find it, without working out its real impact. That is fine, but it often means a smaller bounty than the finding deserves. For example, if you identify an open redirect in a web application and report it as-is, you will typically get a minimum payout in the region of $100. What if the same bug could pay five times as much? It can, if you can show the impact. An open redirect in OAuth functionality, where the redirect can leak an authorization code or token, may pay around $1000. So it is important for bug hunters to work out the impact of what they have found, and escalation plays a big role in that: an open redirect escalated to cross-site scripting (XSS) pays much more than the open redirect alone.

Hey everyone! In the last article we discussed open redirect vulnerabilities and how to find them in depth. Now let's discuss how to escalate an open redirect into a cross-site scripting vulnerability, which increases the security impact and the overall bounty on the program.

Announcement: If you want to learn how hackers hack millions of accounts on a website, check out this beginner-friendly course, which teaches you how to perform account takeovers on real-world websites and takes your bug bounty hunting skills from basics to advanced.

WHAT IS AN OPEN REDIRECT VULNERABILITY?

[Image: open redirect vulnerabilities example]

In simple terms, it is a vulnerability in which the application takes a URL from user-controllable input (for example a return or next parameter) and sends the user there without checking it, so an attacker can redirect users to a website they control. Attackers usually use open redirects for phishing, since the link starts with the trusted site's domain. You can read more about it here.

HOW TO ESCALATE OPEN REDIRECT TO XSS?

To escalate an open redirect into cross-site scripting, follow these steps:

Identify: Find the parameter responsible for the redirection and confirm that you can actually redirect to an external site through it (a working open redirect, not just a parameter that looks like one).

Inject: Once the open redirect is confirmed, replace the external URL with a JavaScript URL. For example, change:

https://target.com/login?return=https://bing.com

to

https://target.com/login?return=javascript:alert(1)

Verify: Check whether the 1 pops up. If it does, you have escalated the open redirect to cross-site scripting: the payload runs in the origin of target.com, with access to its cookies, DOM and any tokens stored in the page.

Caveat: this only works when the redirect is performed client-side, i.e. the page writes the parameter into location.href, window.location or a similar sink with JavaScript. If the server redirects with an HTTP 3xx response and a Location header, browsers do not execute javascript: URLs there, and the bug stays an open redirect. So if the alert does not fire, check in the browser's network tab or proxy whether the redirect is a 302 from the server or a script-driven navigation.
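As an added example (not code from the article or from any site it mentions), here is the client-side redirect pattern described above in its vulnerable form, a naive string-based "fix" that can be bypassed, and a hardened version that parses the value with the WHATWG URL parser before allowing it. The function names (vulnerableRedirect, naiveBlocklist, safeReturnUrl, runAllCases), the site origin and all inputs are assumptions for illustration. It runs under Node.js with no network access.

```javascript
// Added example (not from the article): a client-side "return" redirect, first
// in the vulnerable form the article exploits, then hardened.
// Assumed names: vulnerableRedirect, naiveBlocklist, safeReturnUrl, runAllCases.
// Runs under Node.js (global WHATWG URL) with no network access.

// Vulnerable sink: the page copies ?return= straight into location.href.
// In a real browser, location.href = 'javascript:alert(1)' runs the payload
// in the page's origin, which is the escalation the article describes.
// A plain object stands in for window.location so the snippet runs offline.
function vulnerableRedirect(returnParam, location) {
  location.href = returnParam; // no scheme or origin check
  return location.href;
}

// A typical first "fix": block strings that start with javascript:.
// This is a string check on the raw value. The WHATWG URL parser (what the
// browser applies to location.href) strips leading whitespace and ASCII
// tab/newline before reading the scheme, so this check can be bypassed.
function naiveBlocklist(raw) {
  return raw.toLowerCase().startsWith('javascript:');
}

// Hardened version: parse the value the way the browser will, then allow
// only http(s) URLs on the site's own origin, and hand back a relative
// path so the redirect can never leave the site.
function safeReturnUrl(raw, siteOrigin, fallback = '/') {
  if (typeof raw !== 'string' || raw === '') return fallback;
  let url;
  try {
    // Resolving against siteOrigin lets "/account" through, while
    // "//evil.example/x" resolves to https://evil.example/x.
    url = new URL(raw, siteOrigin);
  } catch (e) {
    return fallback; // unparseable input
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
  if (url.origin !== new URL(siteOrigin).origin) return fallback;
  return url.pathname + url.search + url.hash;
}

// Constructed inputs (not from the article): [value of ?return=, expected result].
const SITE = 'https://target.com';
const CASES = [
  ['/account', '/account'],
  ['https://target.com/dashboard?tab=1', '/dashboard?tab=1'],
  ['https://bing.com', '/'],                 // classic open redirect
  ['//bing.com/x', '/'],                     // protocol-relative
  ['javascript:alert(1)', '/'],              // the article's payload
  ['JaVaScRiPt:alert(1)', '/'],              // scheme is case-insensitive
  ['java\tscript:alert(1)', '/'],            // tab removed by the parser
  [' javascript:alert(1)', '/'],             // leading space removed
  ['data:text/html,<script>alert(1)</script>', '/'],
  ['https://target.com.evil.example/', '/'], // prefix-matching trap
  ['https://target.com@evil.example/', '/'], // userinfo trap
];

function runAllCases() {
  return CASES.every(([raw, expected]) => safeReturnUrl(raw, SITE) === expected);
}

// True when the naive check lets a payload through but the hardened one rejects it.
function bypassesNaiveButNotHardened(raw) {
  return !naiveBlocklist(raw) && safeReturnUrl(raw, SITE) === '/';
}

console.log('all hardened cases pass:', runAllCases());
console.log('tab-split payload bypasses naive check:',
  bypassesNaiveButNotHardened('java\tscript:alert(1)'));
console.log('vulnerable sink navigates to:',
  vulnerableRedirect('javascript:alert(1)', { href: '/' }));
```

The point of checking url.protocol and url.origin on the parsed URL rather than on the raw string is that the browser normalises the value before navigating: case, leading whitespace, embedded tabs and newlines, protocol-relative prefixes and userinfo tricks all disappear in the parser, so a string filter and the browser can disagree about where the user ends up. Returning a relative path also means the application never echoes an attacker-chosen absolute URL.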

Video Demonstration of Open Redirect Vulnerabilities:

Open Redirection Vulnerability Escalation on Live Website

CONCLUSION

I hope you now understand how to escalate an open redirect into cross-site scripting. Note that the method described above will not work on every application: if the redirect is issued server-side with a Location header, or the parameter is validated against an allowlist of paths or origins, a javascript: URL will not execute. In that case, look at where the open redirect sits. An open redirect in plain login functionality may not pay much, but the same bug in OAuth functionality, where the redirect target receives the authorization code or access token, lets you steal authentication material, and the bounty goes up accordingly.

Remember that the more you analyse the application, the more of it you will be able to break into. With that said, if you have any doubts or issues related to bug bounties, feel free to comment below.

Join our telegram channel over here.

Subscribe to our YouTube channel over here.

OPEN REDIRECTION TO XSS REPORTS

Report 1

Report 2

COURSES RELATED TO CYBERSECURITY

Learn Hacking Windows With Python From Scratch (2022)

Learn how to create advanced payloads for compromising Windows machines that have so far evaded antivirus detection. Click on this link to know more.

The Ultimate Guide to Hunt Account Takeovers (2022)

Learn how to find account takeover vulnerabilities caused by website misconfiguration, from basics to advanced, and boost your bug bounty hunting skills! Click on this link to know more.
