YouTube Open Redirect Vulnerability

2024.03.24
Anezatra (TR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

------------------------------------------------
YOUTUBE OPEN REDIRECT VULNERABILITY
------------------------------------------------

Date: 23.03.2024
Author: Anezatra
Test Platform: Windows 10 / Android

------------------------------------------------
WHAT IS AN OPEN REDIRECT VULNERABILITY
------------------------------------------------

An open redirect vulnerability is a security flaw commonly found in web applications. It allows malicious actors to send users to unintended or malicious websites through a redirection mechanism that looks legitimate. Attackers exploit it by crafting URLs whose parameters control the redirect destination, often leading users to phishing or malware-infected sites. Web developers should exercise caution and implement proper security controls to mitigate the risks associated with open redirect vulnerabilities.

------------------------------------------------
POC TEST - REDIRECT DESTINATION
------------------------------------------------

target: example.com

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTBuQmxJWmlDWGl3NFJqNVNnT0FJOXRFTlkwUXxBQ3Jtc0ttX0F6V1pSSVFaTlB1X3pzMW11Q2dSZVNCYThYb2thdlNJcmtkeEctcWoyMUtYZjhsOGVsWlJtam9teTFNcGlPcHdmNnZtZFI1NXliRFNXWEdXRk9kU183cEVDOEtoSEFVMEZvbGNuem5rcEtqZ1RyTQ&q=https://example.com

[*] Exploit successfully
[*] Contact: anezatra@gmail.com
[*] Github: https://github.com/anezatra
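One way to apply the security controls mentioned above, as an added example that is not part of the original advisory and is not YouTube's implementation: a redirect handler that follows a destination only when a token is cryptographically bound to that exact URL, and otherwise rejects malformed targets or falls back to a warning page. The key, allowlist, token format and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

SECRET = b"constructed-demo-key"   # constructed; load from a secret store in practice
ALLOWED_HOSTS = {"example.com"}    # hypothetical allowlist for unsigned redirects
TOKEN_TTL = 3600                   # seconds a signed link stays valid


def _host(dest):
    """Return the lowercase host of an absolute http(s) URL, else None."""
    # Browsers treat backslashes like slashes and drop control characters,
    # so a value containing them may not go where the parser says it goes.
    if any(c in dest for c in "\\\r\n\t") or dest != dest.strip():
        return None
    try:
        parts = urlsplit(dest)
        host = parts.hostname
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if parts.username is not None or parts.password is not None:
        return None                # userinfo trick: https://trusted@other-host/
    return host.lower().rstrip(".")


def _mac(exp, dest):
    return hmac.new(SECRET, f"{exp}|{dest}".encode(), hashlib.sha256).hexdigest()


def sign(dest, now=None):
    """Issue a token binding this exact destination to an expiry time."""
    exp = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{exp}.{_mac(exp, dest)}"


def check_redirect(dest, token=None, now=None):
    """Return 'redirect', 'interstitial' (warn the user first) or 'reject'."""
    host = _host(dest)
    if host is None:
        return "reject"
    exp, _, mac = (token or "").partition(".")
    if exp.isascii() and exp.isdigit():
        fresh = int(exp) >= (time.time() if now is None else now)
        if fresh and hmac.compare_digest(mac.encode(), _mac(exp, dest).encode()):
            return "redirect"      # token matches this destination and is unexpired
    return "redirect" if host in ALLOWED_HOSTS else "interstitial"
```

Because the MAC covers the destination string, a token copied from one link cannot be reused with a different `q` value; the unsigned path is limited to the exact-match allowlist.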



Copyright 2024, cxsecurity.com

 
