Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Next.js <1.2.3 - Open Redirect

By kannthu

Medium
Vidoc logoVidoc Module
#redirect#nextjs
Description

What is the "Next.js <1.2.3 - Open Redirect?" module?

The "Next.js <1.2.3 - Open Redirect" module is designed to detect an open redirect vulnerability in Next.js, a popular JavaScript framework for building server-side rendered React applications. This vulnerability allows an attacker to redirect users to malicious websites by manipulating the URL path.

This module has a medium severity level, indicating that it can potentially lead to unauthorized access or phishing attacks.

Author: DhiyaneshDk

Impact

An open redirect vulnerability in Next.js can be exploited by attackers to trick users into visiting malicious websites. This can lead to various consequences, including:

- Phishing attacks: Attackers can create deceptive URLs that appear legitimate to users, leading them to disclose sensitive information or perform unintended actions. - Malware distribution: By redirecting users to malicious websites, attackers can distribute malware, such as viruses or ransomware, to compromise users' devices. - Identity theft: Attackers can use open redirects to impersonate legitimate websites and steal users' login credentials or personal information.

How does the module work?

The "Next.js <1.2.3 - Open Redirect" module works by sending a specific HTTP request to the target application and analyzing the response. It checks for the presence of an open redirect vulnerability by verifying if the response contains a specific HTTP header and status code.

Here is an example of an HTTP request sent by the module:

GET /_next/image?url=/\\/\\interact.sh/&q=100&w=128&h=128

The module then applies the following matching conditions:

- Header condition: It checks if the response header contains the following location: /\\/\\/interact.sh. - Status code condition: It verifies if the response status code is 308.

If both conditions are met, the module identifies the presence of an open redirect vulnerability in the Next.js application.

Reference: https://github.com/netlify/netlify-ipx/security/advisories/GHSA

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/_next/image?url=/\/...
Matching conditions
word: Location: /\/\/interact.shand
status: 308
Passive global matcher
No matching conditions.
On match action
Report vulnerability