Open-Redirect Vulnerability in udacity.com

Hey guys,

I am Anil Tom, in this article I am going to share the story about how I found Open-Redirect Vulnerability in Udacity. This is my first article, so if there is any mistake in it forgive me.

A great thanks to my masters and friends for the love and support.So let get started … This started when a friend of mine showed me a T-Shirt that he got from Udacity . So I thought why can’t I get one so I started doing Recon on the target Udacity . Within 5 to 10 mins testing I found a vulnerability on udacity.com which is an Open redirect.

What is Open-Redirect Vulnerability?

Open-Redirect is basically is not a high impact vulnerability , A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. 
Open redirection is listed in the OWASP Top 10 for 2013 and 2010 (10th position in both lists) since it is still an active threat in modern web applications. Openredirection occurs when a vulnerable web page is redirected to an untrusted and malicious page that may compromise the user. Open redirection attacks usually come with a phishing attack because the modified vulnerable link is identical to the original site, which increases the likelihood of success for the phishing attack.

How I find Open-Redirect on https://udacity.com

I just add the /google.com/ to https://udacity.com but it won’t redirect as expected

Then I thought that what if i will add one more /

I changed the URL like this https://udacity.com//google.co.in/ I execute this URL and as expected I redirect to the https://google.com

Then I tried this payload with other domain of udacity.com like https://in.udacity.com , https://eu.udacity.com it’s also vulnerable :-p

And I was like

Reported to https://udacity.com

Timeline

Jun 1 Reported the Issue

Jun 3 Initial Reply

Jun 3 Fixed

Jun 17 Swag Received

PoC Video :

Happy HACKING…!!