Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,240 --> 00:00:05,880
Now let's check out our first vulnerability open redirect, also known as unvalidated redirects and
2
00:00:05,880 --> 00:00:11,580
forwards, open redirects happens when the application takes an unprecedented put and redirects the
3
00:00:11,580 --> 00:00:17,460
user from the Web application to an untrusted site or resource that will be used further for malicious
4
00:00:17,460 --> 00:00:18,010
purposes.
5
00:00:18,360 --> 00:00:23,850
The impact of an open redirect is usually set too low unless you're using it to escalate another vulnerability
6
00:00:24,180 --> 00:00:33,660
to think about open redirect as a user sharing link on Facebook and an email on SLOK, where it shows
7
00:00:33,660 --> 00:00:34,950
a trusted website.
8
00:00:34,950 --> 00:00:39,320
But once you click on it, it will redirect you to a malicious site controlled by an attacker.
9
00:00:39,540 --> 00:00:42,780
But in a lot of cases, it may not be as straightforward as it sounds.
10
00:00:42,790 --> 00:00:49,230
A lot of times developers either define a trusted or untrusted lots of resources to limit the exposure
11
00:00:49,230 --> 00:00:51,560
of where you can actually direct the users to.
12
00:00:52,170 --> 00:00:56,790
But if you understand how this limitation of filters work, you may be able to bypass it.
13
00:00:57,000 --> 00:01:01,650
So, for example, as I mentioned earlier, you can go to example, dot com login and next page would
14
00:01:01,650 --> 00:01:03,300
be Google and you go to Google.
15
00:01:03,300 --> 00:01:06,990
If you put in Google dot com and that parameter, this may be allowed.
16
00:01:07,500 --> 00:01:11,890
If you go to example dot com and you put an evil site where evil site as an untrusted resource that
17
00:01:11,890 --> 00:01:17,240
the developers have not defined in their white listing and the application is going to clean it.
18
00:01:17,700 --> 00:01:23,340
However, if you combine the two because the application is expecting to have Google somewhere in that
19
00:01:23,340 --> 00:01:29,970
stream for next page, you have it after question mark or before as a subdomain and different variations
20
00:01:29,970 --> 00:01:32,250
of it, you may be able to bypass those restrictions.
21
00:01:32,460 --> 00:01:38,280
So as I mentioned earlier, if you have a website that says log in next page and after logging in is
22
00:01:38,280 --> 00:01:41,400
going to be directed to Google dot com, that is going to be allowed.
23
00:01:41,490 --> 00:01:47,820
However, if you change Google dot com to evil site where evil site is not defined in the pre submitted
24
00:01:48,150 --> 00:01:52,950
whitelist and websites as a part of the filtering, it's not going to be allowed and the Web application
25
00:01:52,950 --> 00:01:56,460
may come back and say, hey, this is not allowed or it was not trusted.
26
00:01:56,670 --> 00:02:02,340
However, if you combine the two, if you put evil site dot com slash Google dot com or Google dot com
27
00:02:02,340 --> 00:02:08,180
was a lot earlier, this may actually work because the filtering system in place is just looking for
28
00:02:08,180 --> 00:02:08,640
that stream.
29
00:02:08,640 --> 00:02:09,510
Google dot com.
30
00:02:09,540 --> 00:02:14,910
As long as that's in that string, as long as it shows up, is going to allow the application to use
31
00:02:14,910 --> 00:02:18,900
it, even though it could be invalid and it may still go to evil site dot com.
32
00:02:19,590 --> 00:02:23,040
Now, let's look at this on an actual example application.
3718
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.