Open Redirects & Security Done Right!

Ax Sharma · Published in AxDB · 4 min read · Jun 19, 2018

Screenshot of StartupTree.co Homepage (06/18/2018)

Everything is vulnerable, as they say. The trend seems to be getting worse with the ever-increasing number of connected “smart” devices.

What matters is, how one addresses what is vulnerable and how quickly.

Yesterday, my regular Monday morning started with a 32 oz. mug of coffee and receiving an email invite to join an online network from a random member of University of Nebraska Omaha, who probably mistook my highly common name for someone else at the university. Nevertheless, I went ahead and signed up for the cool-looking site, StartupTree. There’s something about the buzzwords “entrepreneurship”, “startups”, “venture capitalists” etc. that sends me back to my undergraduate years!

Moments later, I noticed the signup page was using a GET parameter in the URL called next. As most web developers will be familiar with, GET parameters named “next” or “url” are typically used to redirect the user to a specified (typically internal) URL after signup or login, such as the user’s account dashboard. That is:

https://*.startuptree.co/login?next=<.../some/internal/page>

There I found a simple yet dangerous Open Redirect Vulnerability (CWE-601). Upon changing the value of the next parameter to an external domain URL, such as https://google.com, the website redirected the user to the…
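The root cause of CWE-601 is that the application trusts the next parameter as a redirect target without checking where it points. Below is an added example (not code from StartupTree or from this article) showing the vulnerable pattern next to a hardened version: the hardened function only accepts root-relative paths on the application's own host and falls back to a fixed landing page for anything else. The host name app.example.test, the default landing page /dashboard and the sample inputs are all constructed for illustration.

```python
from urllib.parse import urlparse, urljoin

# Constructed values for this example; a real app would read these from its config.
ALLOWED_HOST = "app.example.test"
DEFAULT_LANDING = "/dashboard"


def vulnerable_redirect_target(next_value):
    """The CWE-601 pattern: whatever arrived in ?next= becomes the Location header."""
    return next_value or DEFAULT_LANDING


def safe_redirect_target(next_value, allowed_host=ALLOWED_HOST):
    """Return next_value only if it is a root-relative path on our own host,
    otherwise the fixed default. Rejecting rather than 'fixing' the value keeps
    the logic easy to reason about."""
    if not next_value:
        return DEFAULT_LANDING

    # Browsers strip tab/CR/LF when parsing URLs, so strip them before checking,
    # otherwise "/\t/host" would look harmless here but become "//host" in the browser.
    candidate = "".join(ch for ch in next_value if ch not in "\t\r\n")

    # Browsers also treat "\" as "/" in http(s) URLs; normalise the same way.
    candidate = candidate.replace("\\", "/")

    parsed = urlparse(candidate)

    # Any scheme (https:, mailto:, ...) or network location (an external host,
    # or a protocol-relative //host) means this is not an internal path.
    if parsed.scheme or parsed.netloc:
        return DEFAULT_LANDING

    # Require a root-relative path. "//host" and "///host" are rejected here too,
    # since browsers collapse leading slashes into a new authority.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return DEFAULT_LANDING

    # Belt and braces: resolve against our origin and confirm the host did not change.
    resolved = urlparse(urljoin(f"https://{allowed_host}/", candidate))
    if resolved.netloc != allowed_host:
        return DEFAULT_LANDING

    return candidate


def login_response_headers(query_params):
    """Build the post-login redirect header from the request's query parameters,
    using the hardened check. Mimics the shape of a framework handler."""
    target = safe_redirect_target(query_params.get("next"))
    return {"Status": "302 Found", "Location": target}


if __name__ == "__main__":
    # Constructed sample inputs: an internal path and a few external/malformed values.
    samples = [
        "/profile?tab=settings",
        "https://google.com",
        "//google.com",
        "/\\google.com",
        "///google.com",
        "mailto:someone@example.test",
        "",
    ]
    for value in samples:
        print(f"{value!r:32} vulnerable -> {vulnerable_redirect_target(value)!r:28} "
              f"safe -> {safe_redirect_target(value)!r}")
```

Frameworks ship equivalents of this check (Django, for instance, exposes url_has_allowed_host_and_scheme in django.utils.http); the point of writing it out is to see which inputs a naive "starts with a slash" test would let through. A practitioner reviewing login or signup handlers should look for any redirect built from request data and confirm it passes through a check like this one, or through an allow-list of named internal routes.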
