HTTP - Open redirect

We got a simple website where we can simply go to facebook, twitter or so on. The challenge is to make the website redirect to any other website rather than the given option. image

As usual, I started to check the source code and just look for request and response over BURP image

Let's make some changes over the request and try to redirect to evil.com instead.

image

Well, interesting,the redirection is primarily checking for the hash and if its incorrect, the redirection gets failed. These are the hash and its respective site for the redirection.

image

Looks like MD5 but let's check it from https://hashes.com/en/tools/hash_identifier

image

I got the logic. Let's reverse it image

Okay, everything crystle clear.

echo -n "https://evil.com" | md5sum
-> 7a1eb5272a0de83226e7a50d14334056

Wallah, we got the flag.

image

Resource used:

  • https://hashes.com/en/tools/hash_identifier
  • https://askubuntu.com/questions/53846/how-to-get-the-md5-hash-of-a-string-directly-in-the-terminal