Mukezh

Session Unvalidated Redirects and Forwards

Feb 13th, 2019
Unvalidated Redirects and Forwards
-----------------------------------
An attacker links to an unvalidated redirect and tricks the victim into clicking it; the attacker targets unsafe forwards to bypass a security check.

eg http://anywebsite.com/redirect.jsp?url=evil.com

->->url=evil.com<-<-
So in layman's terms you have to find a parameter like url, or some parameter similar to the url parameter, that may have any tendency to redirect somewhere.

www.somewebsite.com/product?url=somewebsite.com/home

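An added example, not part of the original paste: the naive handler the notes describe (the url parameter sent back as the redirect target as-is) next to a hardened version that resolves the value against the site's own base URL and only redirects when the resulting host is on an allow-list. The host names anywebsite.com / www.anywebsite.com and the /home fallback are assumptions for this example.

```python
from urllib.parse import urljoin, urlsplit

# Constructed allow-list for this example; a real application would
# take it from its own configuration rather than hard-code it.
ALLOWED_HOSTS = {"anywebsite.com", "www.anywebsite.com"}
SAFE_FALLBACK = "/home"  # assumed on-site landing page


def naive_redirect_target(url_param):
    """The pattern the notes describe: whatever is in ?url= is used
    verbatim as the Location, so url=http://evil.com leaves the site."""
    return url_param


def safe_redirect_target(url_param, request_base="https://anywebsite.com/"):
    """Return a redirect target that stays on an allow-listed host.

    Relative values such as /account are resolved against the site's own
    base, so they stay on-site, while protocol-relative (//evil.com),
    backslash (/\\evil.com), userinfo (host@evil.com) and non-http(s)
    scheme values all resolve to something that fails the host check and
    are replaced by SAFE_FALLBACK.
    """
    if not url_param:
        return SAFE_FALLBACK
    # Browsers treat backslashes as slashes in URLs; normalise first so
    # the check sees the same host the browser would navigate to.
    candidate = url_param.replace("\\", "/").strip()
    resolved = urljoin(request_base, candidate)
    parts = urlsplit(resolved)
    if parts.scheme not in ("http", "https"):
        return SAFE_FALLBACK
    # urlsplit().hostname strips any user:pass@ prefix and lower-cases,
    # so host@evil.com is compared as evil.com.
    if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
        return SAFE_FALLBACK
    return resolved


if __name__ == "__main__":
    for value in ["/account", "http://evil.com", "//evil.com",
                  "/\\evil.com", "javascript:alert(1)",
                  "https://anywebsite.com@evil.com/"]:
        print(f"{value!r:40} -> {safe_redirect_target(value)}")
```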
MOST COMMONLY USED PARAMETERS---->
->
DEST
REDIRECT
URL
URI
PATH
CONTINUE
WINDOW
TO
OUT
VIEW
DIR
SHOW
NAVIGATION
OPEN
FILE
VAL
VALIDATE
DOMAIN
CALLBACK
RETURN
PAGE
FEED
HOST
PORT
NEXT
DATA
SITE
HTML
REFERENCE=somelink

step 1: 127.0.0.1/lvs111
step 2: click on Unvalidated Redirects and Forwards.
step 3: click on Manual redirects.

_____________________________________

File Inclusion :

File inclusion is a vulnerability that lets a hacker include files in a website (view or open files) with the help of a file inclusion mechanism.

File inclusion is of two types:

1. LFI - Local File Inclusion: the hacker includes files that are on the local server.
2. RFI - Remote File Inclusion: the hacker includes files that are on a remote server.

step 1: start XAMPP, start MySQL and Apache
step 2: change the security level to low
step 3: go to File Inclusion, read where the include function is
step 4: write file4.php there
or
step 5: if you want to include your own file, just save a notepad file in the file inclusion directory of DVWA in htdocs on your computer
go to C drive -> xampp -> htdocs -> dvwa -> vulnerabilities -> file inclusion -> fi -> save a notepad file here