Shulou(Shulou.com)05/31 Report--

Editor to share with you the example analysis of URL redirection in pikachu, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

URL redirection

Brief introduction:

The status code of the redirect response of the HTTP protocol is 3xx. When the browser receives the redirect response, it will adopt the new URL provided by the response and load it immediately.

In most cases, the redirect operation is invisible to the user, except for a small amount of performance loss.

Different types of redirect mappings can be divided into three categories: permanent redirection, temporary redirection, and special redirection.

HTTP status code:

300 Multiple Choices: optional redirection, indicating that the resource requested by the customer has been redirected to another address, but does not specify whether it is a permanent redirection

Or a temporary redirect.

301 Moved Permancently: permanent redirect, as above, but this status informs the customer that the requested resource has permanently existed in the new redirected

On URL.

Moved Temporarily: temporary redirection. In HTTP1.1, the status description is Found, which is the same as 300, but indicates that the requested resource is temporarily transferred.

Move to the new URL, which may change again later or the URL will normally request the customer's connection.

303 See Other: similar to 301 See Other 302, except that if the original request is a redirect target document specified by the POST,Location header, it should pass through the

GET extraction (HTTP 1.1 new).

Not Modified: it's not really a redirect-it responds to conditional GET requests and avoids downloading data that already exists in the browser cache.

Use Proxy: the documents requested by the customer should be extracted through the proxy server specified in the Location header (HTTP 1.1 new).

306 (abandoned, not in use)

307 Temporary Redirect: same as 302 (Found). Many browsers will mistakenly redirect in response to a 302 reply, even if the original request is POST

Even if it can actually be redirected only if the response to the POST request is 303 For this reason, 307 has been added to HTTP 1.1in order to further eliminate the number of regions.

Status codes: when a 303 response occurs, the browser can follow the redirected GET and POST requests; if the response is 307, the browser can only follow the GET request

The redirection of. (HTTP 1.1 New)

Common parameters for redirection:

Redirect

Redirect_to

Redirect_url

Url

Jump

Jump_to

Target

To

Link

Linkto

Domain

Redirect position:

1. Users log in, unified identity authentication office, and will jump after authentication.

After users share and collect content, they will jump.

After cross-site authentication and authorization, it will jump.

When you click on other URL links within the site, you will jump.

Bypass the train of thought:

Single slash "/" bypass

Https://www.landgrey.me/redirect.php?url=/www.evil.com

Lack of protocol bypass

Https://www.landgrey.me/redirect.php?url=//www.evil.com

Multi-slash "/" prefix bypass

Https://www.landgrey.me/redirect.php?url=///www.evil.com

Https://www.landgrey.me/redirect.php?url=www.evil.com

Use the "@" symbol to bypass

Https://www.landgrey.me/redirect.php?url=https://www.landgrey.me@www.evil.com

Use the backslash to bypass

Https://www.landgrey.me/redirect.php?url=https://www.evil.com\www.landgrey.me

Use the "#" symbol to bypass

Https://www.landgrey.me/redirect.php?url=https://www.evil.com#www.landgrey.me

Use "?" Number bypassing

Https://www.landgrey.me/redirect.php?url=https://www.evil.com?www.landgrey.me

Use "\" to bypass

Https://www.landgrey.me/redirect.php?url=https://www.evil.com\\www.landgrey.me

Take advantage of. Bypass

Https://www.landgrey.me/redirect.php?url=.evil (may jump to www.landgrey.me.evil domain name)

Https://www.landgrey.me/redirect.php?url=.evil.com (may jump to evil.com domain name)

10. Repeat special character bypass

Https://www.landgrey.me/redirect.php?url=///www.evil.com//..

Https://www.landgrey.me/redirect.php?url=www.evil.com//..

Vulnerability hazards:

The most direct one is fishing.

Vulnerability Prevention:

1. The code has a fixed jump address and does not allow the user to control variables.

The jump target address adopts whitelist mapping mechanism.

Check the destination address of the jump reasonably and fully, and inform the user of the jump risk if it is not your own address.

URL redirection:

When you click here, you can complete the jump.

You can see here that the url parameter is attached.

When we transpose I to another URL, we find that we can redirect the access.

The above is all the content of the article "sample Analysis of URL Redirection in pikachu". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.