Open redirection: can automatic redirection be harmful?

  • KacperSzurekEN
  • 2019-04-09
  • 1817

We are used to websites containing links to other web services.
But can automatic redirection to an external domain be harmful?
Subscribe: https://www.youtube.com/c/KacperSzure...

If part of a site's resources is available only to logged-in users, then after navigating to a restricted subpage as a guest we are redirected to the login form.
Often the URL contains parameters like 'redirect' or 'next', indicating the subpage to be displayed after authorization.
Today we will talk about these parameters and about the vulnerability called open redirection.

The described functionality is easy to implement.
When the browser receives the Location header, it takes us to the address given in that header.
Normally, the address of the page to be displayed after logging in is passed here.
However, nothing prevents someone from passing in this parameter a domain different from the one currently in use.
Now you may ask: what's wrong with that?

To understand why, we have to learn what a phishing attack is.
Phishing is a method of fraud in which the attacker impersonates someone or something to obtain information of interest to them.

Example: we receive an email from our bank saying that someone tried to break into our account and that, for security reasons, we must change the account's password.
As we are aware of the danger, we check the domain that the link in the message points to.
The domain looks good: it is identical to the domain of our bank.
We click on the link and proceed to the password change procedure.
However, we somehow end up on the website of a fraudster who wants to extort our data.
How did this happen?
The bank's website was vulnerable to open redirection, and the attacker exploited the trust placed in financial institutions by passing a crafted redirection parameter.
When validating the domain name, the user saw the authentic domain of the bank but did not check the parameters following it.
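
The redirect handling described above, as an added example that is not taken from the video or its author's code: the parameter copied into the Location header unchecked, next to a check that accepts only paths on the same site. The names `unsafe_target`, `safe_target` and `DEFAULT_TARGET` are hypothetical, and the `.example` hosts are constructed sample values.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed landing page used when the parameter is rejected


def unsafe_target(next_param):
    """The pattern described above: the parameter goes into Location as-is."""
    return next_param or DEFAULT_TARGET


def safe_target(next_param):
    """Return a same-site path for the Location header, or the default."""
    if not next_param:
        return DEFAULT_TARGET
    # Browsers drop tabs/newlines and treat "\" like "/" in web URLs, so
    # reject such values outright instead of trying to normalise them.
    if "\\" in next_param or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_param):
        return DEFAULT_TARGET
    # Must be a path on this site: exactly one leading slash, never "//host".
    if not next_param.startswith("/") or next_param.startswith("//"):
        return DEFAULT_TARGET
    parts = urlsplit(next_param)
    # Defence in depth: a local path parses with no scheme and no host.
    if parts.scheme or parts.netloc:
        return DEFAULT_TARGET
    return next_param


# Constructed sample values for the 'next' parameter.
SAMPLES = [
    "/account/settings?tab=security",   # legitimate post-login page
    "https://attacker.example/login",   # absolute URL on another domain
    "//attacker.example/login",         # scheme-relative URL
    "/\\attacker.example/login",        # backslash read as a slash
    "/\t/attacker.example/login",       # control character removed by browsers
    "",                                 # parameter missing
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", unsafe_target(value), "|", safe_target(value))
```
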

Twitter: / kacperszurek
Website: https://security.szurek.pl/
Github: https://github.com/kacperszurek/

Icon made by Freepik, Maxim Basinski from www.flaticon.com

#from0topentestinghero #java #phishing
