• Google Authenticated Open Redirect




    Hello Guys!

    While testing Google security, I found an authenticated open redirect vulnerability. As Google does not accept open redirects, it was not accepted, so I decided to share this unpatched bug with you.

    Description:-

    https://appengine.google.com/ is a website that redirects the app login to the user's website, which is created on https://console.cloud.google.com/projectselector/appengine?src=ac&pli=1

    The redirect goes through https://appengine.google.com/_ah/conflogin?continue=http://www.hackerwahab.com via the Google account login.

    So if we change www.hackerwahab.com to any malicious website, the open redirect works.



    Steps to reproduce:
    1. Go to
    https://accounts.google.com/ServiceLogin/signinchooser?continue=https://appengine.google.com/_ah/conflogin?continue=http://www.hackerwahab.com/members&service=ah&ltmpl=gm&flowName=GlifWebSignIn&flowEntry=ServiceLogin
    2. Replace www.hackerwahab.com with any malicious site.
    3. Log in with a Google account; the open redirect works.

    Browser/OS: All

    Attack Scenario:-

    The attacker crafts a malicious URL that redirects users to a malicious site that performs phishing and installs malware.
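
One way a login flow can refuse the nested `continue` target described above, as an added example that is not code from this post or from Google. The allowlist contents, the depth limit and all function names are assumptions; the check unwraps every nested `continue` value and requires each hop to be an absolute https URL on an allowlisted host.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only hosts this login flow may hand the browser to.
ALLOWED_HOSTS = {"accounts.google.com", "appengine.google.com"}
MAX_DEPTH = 5  # upper bound on nested continue= parameters

def redirect_chain(url, param="continue"):
    """List the URL plus every target nested in its `continue` parameters."""
    chain = [url]
    for _ in range(MAX_DEPTH):
        values = parse_qs(urlsplit(chain[-1]).query).get(param, [])
        if not values:
            return chain
        if len(values) > 1:  # ambiguous: which value would the server follow?
            raise ValueError("duplicate %s parameter" % param)
        chain.append(values[0])
    raise ValueError("%s nested too deeply" % param)

def is_allowed(url):
    """Absolute https URL whose parsed hostname is on the allowlist."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

def first_rejected_hop(url):
    """Return the first hop that fails the allowlist, or None if all pass."""
    try:
        chain = redirect_chain(url)
    except ValueError as exc:
        return "invalid: %s" % exc
    return next((hop for hop in chain if not is_allowed(hop)), None)

# The login URL from the steps above (off-site target nested two levels deep).
PAGE_URL = (
    "https://accounts.google.com/ServiceLogin/signinchooser"
    "?continue=https://appengine.google.com/_ah/conflogin"
    "?continue=http://www.hackerwahab.com/members&service=ah&ltmpl=gm"
    "&flowName=GlifWebSignIn&flowEntry=ServiceLogin"
)
# Constructed sample: same flow, final target kept on an allowlisted host.
SAME_SITE_URL = (
    "https://accounts.google.com/ServiceLogin/signinchooser"
    "?continue=https://appengine.google.com/_ah/conflogin"
    "?continue=https://appengine.google.com/members&service=ah"
)

if __name__ == "__main__":
    for sample in (PAGE_URL, SAME_SITE_URL):
        print(first_rejected_hop(sample))
```

Comparing the parsed hostname, rather than matching a prefix or substring of the raw URL, is what rejects look-alike forms such as a trusted name placed in the userinfo part before an `@`.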


    Video PoC:-
