Ans:
A server side HTTP Redirection Occurs When Application Take user input data and and incorporates it into a URL that it retrieves using a backend
HTTP request .For ex if user's input will be 192.168.43.1 server will send and HTTP request to the 192.168.43.1 which means Your are able to make HTTP requests on behalf of the Server.
Consider the following example of a front-end request, in which the loc
parameter is used to specify which version of a CSS fi le the client wants to use:
POST /account/home HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: wahh-blogs.net
Content-Length: 65
view=default&loc=online.wahh-blogs.net/css/wahh.css
if The Web Appilication is vulnerable and Attacker send the payload like This:
POST /account/home HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: blogs.mdsec.net
Content-Length: 65
view=default&loc=192.168.0.1:22
The application’s response includes the banner from the requested SSH service:
HTTP/1.1 200 OK
Connection: close
SSH-2.0-OpenSSH_4.2Protocol mismatch
An attacker can exploit server-side HTTP redirection bugs to effectively use the
vulnerable application as an open HTTP proxy to perform various further attacks
Where To Spearch for This Vulnerability:
-Identify all the parameters that contains the ip addresses and Host names.
-For each Parameter Modify The parameter value to the Server that you control,
and monitor that server for incoming connections from the application
you are testing.
-if This is Unseccessful Moniter the Response Time taken by the Appilication. if Itz too high then web app can be Vulnerable.
Comments
Post a Comment