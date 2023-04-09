



Set parameters like returnUrl. Very common in the authentication process. The reason behind some programmers of these applications is simple. A user requests a URL that is protected by an authenticated session, but the user requesting that session URL does not and redirects to the login page with the parameter returnUrl What is a URL? Navigate through web logs After the process, it’s very simple, but if you get it wrong, it can cause security problems.

In other words, if an attacker can manipulate the value of returnUrl to put a desired URL, if the code handling the value returnUrl redirects without checking security after being authenticated, it’s a complete phishing i.e. legitimate URL You can run the link URL for If it’s a URL that users visit and authenticate with, they can do malicious things.

Sites using ReturnUrl and http/s protocol with GET indexed on Google

Just throw an exploit to install malware or visit a single phishing URL. The site is asking for a password again, but this time using a domain hosted on a typosquatting site.

Additionally, if the URL is malicious, the parameter returnUrl can be indexed as malicious by Google using SEO techniques. BlackSEO techniques can be used to leave the URL in search engines. search perfect fishing Exactly as we were talking about Google Persistent Cross-Site Scripting.

Websites exploited for BlackSEO by ReturnURL

This is a safe development veteran has pretty much controlled it. It’s surprising, especially on sites where parameter return URLs are used to mark URLs for redirects to “return” when an error condition occurs, unexpectedly or simply to “return”. Many sites still have this security problem.

Playing around with it, you can easily find out what the topic we are talking about in the book Hacking Web Technologies 3rd Edition Google. Many sites in the BlackSEO world that use the parameter returnUrlAnd search for commonly used words that have already been exploited and indexed, such as: This case for this domain.

Exploiting Weak ReturnURL

Be careful with URLs Improper handling of this parameter is exploited by programmers, so adding a domain without a protocol (http/s) creates an exact redirect. Note that there is no protection against indexing with proper indexing parameters. they are omitted.

So if someone creates a phishing website with a domain like the one above and indexes it, Google Perfect Phishing for, or any other domain with returnUrl Weak and BlackSEO indexed I have a domain. Finally, additional weaknesses in vulnerabilities facilitate automated attack plans that can damage an organization.

Hello Evil!

