0x00 Relevant background
As applications integrate more and more features and interact with more third-party applications, and also within their own internal logic, users are directed to different pages according to the situation. A typical example is the login page: after successful authentication the user is redirected back to the page they were on before logging in. If this process is implemented poorly it can introduce security issues, and under certain conditions it can lead to serious security vulnerabilities.
There are generally a few ways to implement a URL jump (redirect):
For example, a typical login redirect looks like this:
<?php
// Deliberately vulnerable example from the article: the jumpto parameter
// is written into the Location header without any validation
$url = $_GET['jumpto'];
header("Location: $url");
?>
If jumpto is not restricted in any way, a malicious user can submit
to construct their own malicious link. A user with low security awareness is likely to believe the link points to www.wooyun.org, which can result in fraud. Moreover, because QQ, Taobao Wangwang and other online IM clients filter URLs, and let some sites through via a whitelist, such a malicious URL can be spread through IM and cause harm: the IM client considers www.wooyun.org trustworthy, but clicking the above link in the IM client ultimately sends the user to evil.com.
0x02 Attacks and harm
Malicious users can use a URL jump vulnerability to deceive users with low security awareness, resulting in "you have won a prize"-style fraud, which is very harmful to companies with an online business such as Taobao. By means of the URL jump, it is also possible to break security restrictions based on the common "whitelist mode": for example, traditional IM clients perform a security check on URLs being propagated, but URLs on the domains of large companies are allowed straight through and displayed as trusted. Once such a URL contains a jump vulnerability, the security restriction can be bypassed.
If a restriction on referenced resources depends on the "whitelist mode", it can be bypassed in the same way. For example, some applications allow embedding content from trusted sites such as youku.com videos, and the restriction is usually implemented by checking whether the URL is on youku.com. If youku.com contains a URL jump vulnerability, the resource that is eventually loaded can belong to an untrusted third party or a malicious site, which ultimately leads to security issues.
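The fix for both the login redirect above and the embedded-resource whitelist is the same: parse the URL properly and compare the host against an allowlist of exact hosts (plus their subdomains), instead of checking whether the string "contains" or "starts with" the trusted domain. The following Python function is an added example written for this article, not code from the original page; the allowlist (www.wooyun.org / wooyun.org), the fallback target "/" and the sample inputs are constructed for illustration. It rejects the usual bypasses of a naive check: non-http schemes, protocol-relative URLs, userinfo tricks such as trusted-host@evil.com, look-alike suffixes such as wooyun.org.evil.com, and backslashes or control characters that browsers normalise differently from the server.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this application will redirect to.
ALLOWED_HOSTS = {"www.wooyun.org", "wooyun.org"}
DEFAULT_REDIRECT = "/"


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True if host is exactly an allowed host or a subdomain of one.

    Using an exact/suffix match on the parsed host (not a substring search on
    the raw URL) is what stops wooyun.org.evil.com from passing.
    """
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def safe_redirect_target(jumpto, allowed=ALLOWED_HOSTS, default=DEFAULT_REDIRECT):
    """Return jumpto if it is safe to redirect to, otherwise the default.

    Safe means: a same-site relative path starting with a single "/", or an
    absolute http(s) URL whose parsed host is on the allowlist.
    """
    if not jumpto:
        return default

    # Backslashes, whitespace and control characters are rejected outright:
    # browsers rewrite "\" to "/" and strip some control bytes, so the server
    # and the browser would otherwise disagree about the target host.
    if any(c.isspace() or c == "\\" or ord(c) < 0x20 or ord(c) == 0x7F for c in jumpto):
        return default

    parts = urlsplit(jumpto)

    if parts.scheme:
        # Absolute URL: only http/https, and the host (after any user@ part
        # has been stripped by the parser) must be allowlisted.
        if parts.scheme.lower() not in ("http", "https"):
            return default          # javascript:, data:, file:, ...
        if not parts.hostname or not host_allowed(parts.hostname, allowed):
            return default
        return jumpto

    if parts.netloc:
        # Protocol-relative URL ("//evil.com/..."): same host rule applies.
        if not parts.hostname or not host_allowed(parts.hostname, allowed):
            return default
        return jumpto

    # Relative path: must start with exactly one "/" so it stays on this site.
    # "///evil.com" parses with an empty netloc but browsers treat it as a host.
    if not jumpto.startswith("/") or jumpto.startswith("//"):
        return default
    return jumpto


def location_header(jumpto):
    """The header the hardened login handler would emit instead of the raw value."""
    return "Location: " + safe_redirect_target(jumpto)


if __name__ == "__main__":
    # Constructed inputs covering the cases a naive "contains wooyun.org" check gets wrong.
    for sample in [
        "/user/home",
        "https://www.wooyun.org/login",
        "http://evil.com",
        "//evil.com/",
        "http://www.wooyun.org@evil.com/",
        "http://www.wooyun.org.evil.com/",
        "javascript:alert(1)",
        "///evil.com",
    ]:
        print(f"{sample!r:40} -> {location_header(sample)}")
```

The same host_allowed check, with an allowlist of {"youku.com"}, is the correct form of the "is the URL on youku.com" test from the embedded-video case: it accepts v.youku.com but rejects youku.com.evil.com. Note that the check can only vouch for the host it sees; if the allowlisted site itself has a redirect vulnerability, as the article describes, the final destination is still outside your control, which is why such allowlists should name only hosts whose redirect handling you trust.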
0x03 Real-world cases
a WooYun: a URL jump vulnerability in Baidu
Using the URL jump to break the IM security check and spread malicious URLs
b WooYun: the fifth experience of phishing through a Taobao website jump
Using the URL jump to exploit trading users' trust in the URL in order to commit fraud
Using the URL jump to bypass the application's restriction on referenced resources, resulting in security vulnerabilities