Open redirect subdomain whitelist
An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain by leveraging subdomain whitelisting.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template are used to filter the responses based on specific criteria. In this case, the filters check for a response code of 302 (redirect) and extract the value of the "location" header from the response.
The execute section of the template defines the actions to be performed on the request. It modifies the query parameter, body parameter, and header of the request by replacing the value of the "location" key with a malicious URL constructed using the extracted value from the response. It also disables following redirects.
The validation section checks the response code and response headers of the modified request. It ensures that the response code is still 302 (redirect) and that the "location" header contains either "evil.com". This validates that the modification was successful and the redirection is happening as intended.
Frequently asked questions
What is the purpose of the "Open redirect subdomain whitelist" test
How does an open redirection vulnerability occur
What is the impact of the "Open redirect subdomain whitelist" vulnerability
What category does the "Open redirect subdomain whitelist" vulnerability fall under
What are the severity and tags associated with the "Open redirect subdomain whitelist" vulnerability
How does the test modify the payload to exploit the vulnerability