My Pentest Log -9- (Open Redirect Vulnerability in ASP)
Greetings from Kerkoporta to all,
Today, I would like to inform you about a vulnerability I encountered while performing ASP-based web penetration testing.
1. It was decided by our project manager that private.com tests would be performed by me.
2. After receiving the necessary information, I verified the scope form and rolled up my sleeves.
3. I started to apply the necessary pentest phases. I stated that the target is an ASP-based website, so what is the significance of this for us?
ASP can have configurations that can make security people’s hair go crazy, in my opinion, much stricter and more precise security rules can be applied on ASP compared to PHP and similar languages, which makes the tester incredibly tiring.
However, we can discover that there are some features and parameters that cause various vulnerabilities in some user-interactive ASP applications (You can experience this as you test it in ASP structures). I’m not sure if these features and parameters are created by default by ASP or used by ASP developers later on, but I have experienced that it causes vulnerability :)
While I was trying to detect the existence of these vulnerabilities in ASP on the private.com address by default, I observed that one of them was on the target application. So which parameter and which vulnerability?
Parameter : “?ReturnUrl=”
Vulnerability: Open Redirect VulnerabilityThe parameter I mentioned above is a parameter that is used effectively in member registration and member login fields in “ASP” structures. Since there is no filter on this parameter by default, we can redirect to any address we want. If you want to investigate the current problem in detail, you can review it at the address below:
https://www.codeproject.com/Questions/255280/what-is-the-returnurl-mean
4. Thanks to the situation I explained above, I detected the existence of the open redirect vulnerability on the relevant private.com address, and included it in my report with the necessary information and screenshots.
In summary:
After determining which programming language the application you are testing is written in, you can discover various security vulnerabilities on the target by examining the hardening rules on the relevant programming language and having the opportunity to discover which methods, which parameters and features are weak by default.
