Soheil Khodayari (CISPA Helmholtz Center for Information Security), Kai Glauber (Saarland University), Giancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

Open redirects are one of the oldest threats to web applications, allowing attackers to reroute users to malicious websites by exploiting a web application's redirection mechanism. The recent shift towards client-side task offloading has introduced JavaScript-based redirections, formerly handled server-side, thereby posing additional security risks to open redirections. In this paper, we re-assess the significance of open redirect vulnerabilities by focusing on client-side redirections, which despite their importance, have been largely understudied by the community due to open redirect's long-standing low impact. To address this gap, we introduce a static-dynamic system, STORK, designed to extract vulnerability indicators for open redirects. Applying STORK to the Tranco top 10K sites, we conduct a large-scale measurement, uncovering 20.8K open redirect vulnerabilities across 623 sites and compiling a catalog of 184 vulnerability indicators. Afterwards, we use our indicators to mine vulnerabilities from snapshots of live webpages, Google search and Internet Archive, identifying additionally 326 vulnerable sites, including Google WebLight and DoubleClick. Then, we explore the extent to which their exploitation can lead to more critical threats, quantifying the impact of client-side open redirections in the wild. Our study finds that over 11.5% of the open redirect vulnerabilities across 38% of the affected sites could be escalated to XSS, CSRF and information leakage, including popular sites like Adobe, WebNovel, TP-Link, and UDN, which is alarming. Finally, we review and evaluate the adoption of mitigation techniques against open redirections.

View More Papers

A Comprehensive Memory Safety Analysis of Bootloaders

Jianqiang Wang (CISPA Helmholtz Center for Information Security), Meng Wang (CISPA Helmholtz Center for Information Security), Qinying Wang (Zhejiang University), Nils Langius (Leibniz Universität Hannover), Li Shi (ETH Zurich), Ali Abbasi (CISPA Helmholtz Center for Information Security), Thorsten Holz (CISPA Helmholtz Center for Information Security)

Read More

Do We Really Need to Design New Byzantine-robust Aggregation...

Minghong Fang (University of Louisville), Seyedsina Nabavirazavi (Florida International University), Zhuqing Liu (University of North Texas), Wei Sun (Wichita State University), Sundararaja Iyengar (Florida International University), Haibo Yang (Rochester Institute of Technology)

Read More

CASPR: Context-Aware Security Policy Recommendation

Lifang Xiao (Institute of Information Engineering, Chinese Academy of Sciences), Hanyu Wang (Institute of Information Engineering, Chinese Academy of Sciences), Aimin Yu (Institute of Information Engineering, Chinese Academy of Sciences), Lixin Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Dan Meng (Institute of Information Engineering, Chinese Academy of Sciences)

Read More

Detecting IMSI-Catchers by Characterizing Identity Exposing Messages in Cellular...

Tyler Tucker (University of Florida), Nathaniel Bennett (University of Florida), Martin Kotuliak (ETH Zurich), Simon Erni (ETH Zurich), Srdjan Capkun (ETH Zuerich), Kevin Butler (University of Florida), Patrick Traynor (University of Florida)

Read More