Open redirect
An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.
Security Misconfiguration (SM)
How this template works
APIs Selection
The API selection filters in this template are used to filter and select the specific requests that need to be modified. It checks for a response code of 302 (redirect) and then checks if the location value in the response matches the specified conditions using different methods such as request payload, query parameter, or request headers.
Execute request
In the execute section, the template modifies the request by replacing the payload_location_key with the value obtained from the sample_response_headers.location. It modifies the query parameter, body parameter, and header of the request by appending the payload_location_value to the URL of the malicious domain (http://evil.com/?p=${payload_location_value}). The follow_redirect parameter is set to false to prevent automatic redirection.
Validation
The validation section checks the response code to ensure it is still 302 (redirect). It then checks the response headers to validate if the location header contains the domain "evil.com". If the conditions are met, the validation is successful, indicating that the open redirect vulnerability has been exploited successfully.
Frequently asked questions
What is the purpose of the "Open redirect" vulnerability test in this array
How does the test determine if the vulnerability exists
What actions are taken if the vulnerability is detected
How is the test validated
What is the severity level assigned to this vulnerability
What are some of the tags associated with this vulnerability
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Security team,
Rippling
Explore other tests
eSMTP - Config Discovery
Nginx - Git Configuration Exposure
Laravel - Sensitive Information Disclosure
Docker Container - Misconfiguration Exposure
Msmtp - Config Exposure
Parameters.yml - File Discovery
Mongo Express - Unauthenticated Access
Apache Airflow Configuration Exposure
Dockerrun AWS Configuration Exposure
Apache Config file disclosure
Appspec Yml Disclosure
CGI script environment variable