Wednesday, May 16, 2012
Recently I noticed a vulnerability in Google Books, which has been merged into Google Play. It has an open redirection vulnerability at http://books.google.com/
I have also reported it to the Google security team and got a positive reply. But this vulnerability does not fall into Google's reward program, and the vulnerability still exists on the website.
What is an Open Redirection Vulnerability?
If a website has an unvalidated redirect, it is called an open redirection vulnerability. Open redirects and forwards are the vulnerability where an attacker uses a popular website's URL to redirect the victim to a malicious website.
This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
When any user clicks on the above link, he will be redirected to the URL http://www.anydomain.com. Change this according to your redirection URL.
Change this URL to any URL where you want to redirect visitors
An attacker can hide this URL among fake tokens and parameters, as below:
http://books.google.com/search?btnI&tok=nsvn34t8nv92 n92v5n 939kgdgfnbsjdfbsfsfsfsfsfsbfsbjfbsjfbs&q=http://www.anydomain.com&tic=238758cci4y7y7vvy3v7 rt73vt3v3vvsmdvbgjgjs
This vulnerability only redirects to .com domains. When I tested with domains with extensions other than .com, it opens a search page for that domain.
Although this vulnerability does not fall into the high-risk category, it can be used for phishing or malware serving.
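As an added defensive example (not code from the original post or from Google), here is the kind of check a site should apply to a user-supplied redirect target such as the `q` parameter above before issuing a 302: only relative paths on the site itself, or absolute URLs whose host is on an explicit allowlist, are accepted. The allowlist, the site origin and the sample inputs are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit, urljoin, parse_qs

# Constructed allowlist and origin (assumptions for this example, not real values).
ALLOWED_HOSTS = {"books.example.com", "play.example.com"}
SITE_ORIGIN = "https://books.example.com"


def resolve_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> Optional[str]:
    """Return a safe absolute URL to redirect to, or None to refuse the redirect."""
    if not target:
        return None
    # Browsers treat backslashes as slashes, so normalise them before parsing;
    # otherwise "/\\evil.com" would be misread as a harmless relative path.
    t = target.strip().replace("\\", "/")
    parts = urlsplit(t)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return None  # refuse javascript:, data:, and other non-web schemes
    if parts.netloc:
        # Absolute (scheme://host) or protocol-relative (//host) target:
        # the host must be allowlisted. .hostname drops userinfo and port,
        # so "https://books.example.com@evil.com" resolves to "evil.com".
        host = (parts.hostname or "").lower()
        if host not in allowed_hosts:
            return None
        return t if parts.scheme else "https:" + t
    # No host: accept only a single-slash relative path ("//" is a host).
    if not t.startswith("/") or t.startswith("//"):
        return None
    return urljoin(SITE_ORIGIN, t)


def redirect_from_query(query: str) -> Optional[str]:
    """Pull q= out of a raw query string (e.g. "btnI&q=...") and validate it."""
    q = parse_qs(query).get("q", [""])[0]
    return resolve_redirect(q)
```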