Open Redirection into Bentley System

Hello, hackers! Welcome to another write-up, where I share a scenario of Open Redirection.

Let's understand what an open redirection vulnerability is:

An open redirection occurs when a web application or server uses a user-submitted link to redirect the user to a given website or page. Letting a user decide which page they are redirected to seems harmless, but if exploited it can have a serious impact, especially when combined with other vulnerabilities and tricks.

During my testing, I discovered a subdomain. I searched for it on Google but was not able to find anything... :(

I opened ParamSpider and fuzzed for parameters, and suddenly I came across one parameter, the post-logout redirect URI path, which is vulnerable to open redirection.

Affected URI:- *.bentley.com/connect/endsession?post_logout_redirect_uri=https://attacker.com

The post_logout_redirect_uri= parameter is vulnerable.
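As an added example (not part of the original write-up and not Bentley's code), here is the kind of loose check that produces this bug next to a strict allowlist check for a post_logout_redirect_uri parameter; the registered URIs and hostnames are constructed placeholders.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed example: the post-logout URIs registered for one client.
# A real identity provider would load these from client configuration.
REGISTERED_POST_LOGOUT_URIS = {
    "https://connect.example.com/loggedout",
    "https://portal.example.com/",
}
DEFAULT_POST_LOGOUT_URI = "https://connect.example.com/loggedout"


def naive_is_trusted(uri: str) -> bool:
    """The loose check that leads to open redirection.

    A substring (or prefix) test on the host accepts any URL that merely
    contains the expected domain somewhere, so attacker-controlled hosts
    such as look-alike subdomains pass.
    """
    return uri.startswith("https://") and "example.com" in uri


def safe_post_logout_uri(uri: Optional[str]) -> str:
    """Return a redirect target that is guaranteed to be registered.

    The value is accepted only if it is an absolute https URL that matches
    a registered URI exactly. No prefix, substring or regex matching on
    the host is done, so scheme-relative URLs (//host), userinfo tricks
    (user@host) and look-alike subdomains all fall back to the default
    landing page instead of sending the user off-site.
    """
    if not uri:
        return DEFAULT_POST_LOGOUT_URI
    parts = urlsplit(uri)
    # Must be absolute https with a plain host: no userinfo, no backslashes.
    if parts.scheme != "https" or not parts.netloc:
        return DEFAULT_POST_LOGOUT_URI
    if "@" in parts.netloc or "\\" in uri:
        return DEFAULT_POST_LOGOUT_URI
    if uri in REGISTERED_POST_LOGOUT_URIS:
        return uri
    return DEFAULT_POST_LOGOUT_URI
```

Logging the rejected value alongside the client id is a cheap way to spot probing of the logout endpoint in an IdP's own logs.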

Understanding the impact of open redirection

Users can be subjected to XSS attacks.

Phishing attacks.

I have shared a video proof of concept where you'll be able to understand the attack.

YouTube:- https://youtu.be/mGePGEVT3XU

Thanks for taking the time to read my write-up. Share it with your friends, and like & follow for more updates.

SECURITY ANALYST | SECURITY RESEARCHER | ACK. BY APPLE, MICROSOFT, SAMSUNG, SOUNDCLOUD, ACCENTURE, TAKEAWAY & MANY MORE | R&D IN BLOCKCHAIN TECH | B.TECH IN CSE

Amit Kumar Biswas @Amitlt2