Open Redirect Vulnerability in SSO API
The SSO endpoint of the target site target.com has an open redirect vulnerability; an attacker could use it to redirect users to a malicious website, leading to phishing attacks or trust abuse. 2025-8-31 11:25:39 Author: infosecwriteups.com

Ehtesham Ul Haq



Hello readers, today I want to share a security issue I came across during testing. It’s about an Open Redirect vulnerability in a Single Sign-On (SSO) endpoint on target.com. Although open redirects may look harmless at first, when placed inside authentication or SSO flows, they can lead to serious problems like phishing and trust abuse.

What is an Open Redirect?

An Open Redirect happens when a web application takes a user-supplied URL as input and redirects the user to that location without properly validating it.

For example, a link such as:

https://target.com/login?redirect=http://evil.com

If the application does not verify the redirect domain, the user is sent to http://evil.com instead of a safe internal page. Attackers can abuse this to make users believe they are still on the legitimate site when they have actually landed on a malicious one.

Endpoint Vulnerable to Open Redirect

While testing, I found that the following SSO endpoint on target.com was not validating the redirect URL:

https://target.com/api/sso/v2/sso/jwt?error_url=http://evil.com
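The check that is missing from both the generic `redirect` example and the `error_url` parameter above is a validation of the redirect target against the hosts the application is actually allowed to send users to. The following is an added example written for this article, not code from the original write-up or from target.com: a small validator that an SSO endpoint could apply to `error_url` before issuing a 302. The allow-list, the fallback URL, the function names and all sample inputs are constructed for illustration.

```python
"""Added example (not from the original write-up): validating a user-supplied
redirect target such as error_url before redirecting.

Assumptions (constructed, not taken from the article):
  - the SSO service may only send users back to the hosts in ALLOWED_HOSTS
  - anything else falls back to FALLBACK instead of being followed
"""
from typing import Optional
from urllib.parse import urlsplit, urljoin

# Constructed allow-list of hosts the SSO flow is permitted to return to.
ALLOWED_HOSTS = {"target.com", "www.target.com"}
# Constructed safe landing page used whenever the parameter is rejected.
FALLBACK = "https://target.com/"


def vulnerable_redirect_target(error_url: str) -> str:
    """The behaviour the write-up describes: the parameter is used unchanged."""
    return error_url


def safe_redirect_target(error_url: Optional[str],
                         allowed_hosts=ALLOWED_HOSTS,
                         fallback: str = FALLBACK) -> str:
    """Return error_url only if it resolves to an allow-listed host over https;
    otherwise return the fallback page."""
    if not error_url:
        return fallback

    # Browsers treat "/\evil.com" like "//evil.com"; normalise before parsing.
    candidate = error_url.replace("\\", "/")
    parts = urlsplit(candidate)

    # Only https is acceptable for an explicit scheme; this rejects http:,
    # javascript:, data: and similar.
    if parts.scheme and parts.scheme.lower() != "https":
        return fallback

    if parts.netloc:
        # Absolute or protocol-relative URL: hostname (not the raw netloc, so
        # "target.com@evil.com" is seen as evil.com) must be allow-listed.
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return fallback
    else:
        # Relative path: require a single leading "/" so "//evil.com" and
        # bare "evil.com" are both rejected.
        if not parts.path.startswith("/") or parts.path.startswith("//"):
            return fallback

    # Resolve against the fallback origin and re-check the final host, so the
    # value handed to the Location header is never a raw user string.
    resolved = urljoin(fallback, candidate)
    final_host = (urlsplit(resolved).hostname or "").lower()
    if final_host not in allowed_hosts:
        return fallback
    return resolved


if __name__ == "__main__":
    # Constructed sample inputs mirroring the article's evil.com examples.
    for sample in ["http://evil.com", "//evil.com/phish", "/account/settings",
                   "https://www.target.com/dashboard", "javascript:alert(1)"]:
        print(f"{sample!r:40} -> {safe_redirect_target(sample)}")
```

The hardened function deliberately returns the resolved URL rather than the original string, and checks the hostname of that resolved URL a second time; this catches encodings that `urlsplit` and a browser might interpret differently. Any rejected value lands on the fallback page, so the user experience degrades to "back to the home page" rather than "sent to evil.com".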

Article source: https://infosecwriteups.com/open-redirect-vulnerability-in-sso-api-ed1ef7db2b04?source=rss----7b722bfd1b8d--bug_bounty