Katelyn Heller

1619842560

Open Redirect Vulnerability Explained

😊 First video: a quickie on Open Redirects.

#web-development #developer

Guide To WordPress Redirects (Steps To Follow)

You will notice that many of your URLs change whenever you redesign your website. The same applies whenever you make changes to its permalink structure. Ultimately, this creates a big problem for users as well as search engines.

This is where WordPress redirects come in: they provide a simple solution. When you use a redirect, your visitors are not negatively affected, and your search engine rankings stay intact.

If you are wondering how to do redirects in WordPress, don't worry: this article provides a detailed guide.

What Is A Page Redirect?

A redirect is a rule that tells a browser to forward your visitors from the specific link they clicked on to a different page.

Whenever you redirect a page, there are mainly two outcomes for your end-users. Either, they will see a redirection message or they will be simply redirected without any notification.


Adding redirects becomes important whenever you have redesigned your website, made certain updates to your permalinks, or changed your domain. This is necessary to make your pre-existing content accessible to search engines as well as readers.

In other words, these redirects forward your users to a completely new web page.

When Should You Redirect A Page?

There are many reasons why you may wish to redirect URLs on your website. Some of the most common include the following:

  • The URL of the page is changing.
  • A specific page is no longer relevant.
  • You are moving your domain from HTTP to HTTPS.
  • You are deleting or moving your content.
  • You are changing your original domain name or using a different domain.

Additionally, redirects help ensure that if a page is missing or broken, users are sent on to other content on your website without any interruption.

Different Types Of Redirects To Know About

There are several ways to use a redirect, and several types of redirect. Below you will find the most common redirect methods you might need.

(A) 301 Permanent Redirect

If you are permanently deleting or moving a page, then this redirect is generally used. It may be used when you are considering moving your website from one URL to another or you are switching to a new hosting service.

(B) 302 Temporary Redirects

This is a temporary redirect that should be used with caution and tested for browser compatibility. It tells the client that the file it is looking for exists but is not being served from that location for some particular reason.

The user is then offered an alternative location. These redirects can carry SEO penalties, specifically with long-term use, so they are a good option only for temporary situations.

(C) 303 See Other

This one is considered very important, specifically in terms of security. It is often used as a replacement for a 302 redirect whenever problems arise. This type of redirect prevents users from submitting the same information more than once.

After submitting their information, users are redirected to a different page, which is fetched with a GET request. This also prevents refreshing or bookmarking pages that carry sensitive data such as credit card information, so it stops users from making mistakes like accidentally purchasing the same item twice.

(D) 307 Temporary Redirect

This redirect is similar in functionality and purpose to the 303 redirect. The main difference lies in how the request is sent to the new location.

Only one request method is involved: the client repeats the original method at the new location, which makes this a true temporary redirect. A 303 redirect involves two methods, since the follow-up request is always a GET.

(E) 308 Permanent Redirect

This is a permanent redirect similar to the 301 redirect. It is mainly used whenever the location of a file has changed.

The main difference between 308 and 301 is that a 308 keeps the original HTTP method (a POST stays a POST), whereas a 301 may change the HTTP method from POST to GET.

(F) HTTP To HTTPS Redirect

An HTTPS URL has several advantages over an HTTP URL, both in terms of SEO and security. To benefit, you need to set up a redirect that forces browsers to load the HTTPS version of your pages.

#how to do redirects in wordpress #wordpress 301 redirects #wordpress plugin for 301 redirects #wordpress redirects #wordpress redirects to another site #wordpress redirects to https

Gloria magee

1618472877

Cannot start Microsoft Office Outlook

On this page, you will find working methods to repair the "Cannot start Microsoft Outlook" issue. These methods will get your Outlook up and running again without any errors.

Now, let us see how to fix the problem, and how to prevent a much worse situation, when you cannot start Outlook. But first, we begin with the cause and symptoms of the error.

Recover your Outlook with Outlook PST Recovery.

What are the causes and symptoms of the "Cannot start Microsoft Outlook" error?

The main symptom of the problem is quite clear and easily identified. After you click on Outlook, a dialogue box appears and hangs for a little while, and then you receive the error "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened".

Can’t start Microsoft Outlook

If the file has become corrupted, you will find that its size has shrunk dramatically.

Additionally, there is no single specific cause for this error, but all versions of MS Outlook from 2003 to Outlook 2019 may be affected. Whatever the cause, the result is the same: you cannot start Outlook. The answers to this problem are given below.

Workarounds to Solve the "Cannot start Microsoft Outlook" problem

Now you understand the reasons behind the "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened" problem. So, let us see how to get it repaired. Below are two workarounds that fix this situation.

1. Recover the Navigation Pane configuration file

Typically it is a corrupt Navigation Pane settings file that prevents Microsoft Outlook from starting, so the first thing to do is to reset it. Here is how:

Click on the Start button.

Then type the "outlook.exe /resetnavpane" command and click OK.

If you run into any difficulty and are unable to reset the Navigation Pane settings file, try manually deleting the XML file that stores the Navigation Pane configuration. To do this, follow the steps below:

This will open the folder in which the MS Outlook settings files are saved.

Cannot start Microsoft Outlook

2. Repair your Outlook data files with the help of Scanpst.exe.

The default Outlook data file (PST) may be damaged or deleted, which is why you cannot start Outlook and see the message "The file Outlook.pst is not a personal folders file".

To do so, follow the steps listed below:

In the listing you will find Scanpst.exe. Double-click it.

Alternatively, go to Start and type scanpst.exe in the Search box.

A window will then appear; click the Browse button to choose your default Outlook.pst file.

After a couple of minutes, your file will be repaired.

Hopefully, your file got fixed. If not, then you need to try the alternative provided below:

Most of the time this fixes the files. However, if the corruption is severe, this tool fails. In these situations, you need to use PST File Retrieval by Mailconvertertools. A novice user can use this tool to fix their own Outlook PST files. It is the best way to recover and fix Outlook PST files, and it overcomes all the limitations of the Inbox Repair Tool.

Conclusion

This technical guide is all about how to resolve "Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened". I hope your issue has been solved. If there is any difficulty with any step, do not hesitate to contact us.

#cannot open the outlook window #the set of folders cannot be opened outlook #outlook the set of folders cannot be opened #the set of folders cannot be opened outlook 2016 #outlook the information store cannot be opened #outlook information store could not be opened

Weak Cryptography Leads To Open Redirect

Hello Everyone!

I hope you are doing well and staying safe. If you are a noob in bug hunting you can check my previous blog. Today I am going to share an interesting finding of mine: an Open Redirect vulnerability.

What is Open Redirect?

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack, because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Let's start! We will call our target target.com. My first step is always to do recon, because it plays an important role in finding bugs. Through the waybackurls tool, I got many endpoints of the target, and then I filtered the URLs having a "redirect" parameter through the grep command. The result looked like this:

https://login.target.com/login?redirect=aHR0cHM6Ly9hcHAudGFyZ2V0LmNvbS9kYXNoYm9hcmR8MzJ8YUhSMGNITTZMeTloY0hBdWRHRnlaMlYwTG1OdmJTOWtZWE5vWW05aGNtUT0%3D

First of all, I copied the redirect value and changed "%3D" to "=" (URL-decoded), so now it looks like this:

aHR0cHM6Ly9hcHAudGFyZ2V0LmNvbS9kYXNoYm9hcmR8MzJ8YUhSMGNITTZMeTloY0hBdWRHRnlaMlYwTG1OdmJTOWtZWE5vWW05aGNtUT0=

It looks like a Base64-encoded value, so I decoded it straight away and got this:

https://app.target.com/dashboard|32|aHR0cHM6Ly9hcHAudGFyZ2V0LmNvbS9kYXNoYm9hcmQ=

For a few seconds, I was wondering what the hell it is after the URL. Then I got to know that "32" is the length of the URL from the first "h" of "https" to the last "d" of "dashboard", and after this they have given a token which is nothing but the Base64-encoded value of the URL.
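To make the format above concrete, here is an added example (not the author's code) that unwraps the observed redirect value, reproduces the check the write-up implies (which passes for any URL, because the token is just base64 of the URL), and shows a hardened check using an allowlist plus a keyed HMAC; ALLOWED_HOSTS and SERVER_KEY are assumptions constructed for the example.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote, urlparse

# Redirect value quoted in the write-up above (target.com is the author's placeholder domain).
OBSERVED = ("aHR0cHM6Ly9hcHAudGFyZ2V0LmNvbS9kYXNoYm9hcmR8MzJ8"
            "YUhSMGNITTZMeTloY0hBdWRHRnlaMlYwTG1OdmJTOWtZWE5vWW05aGNtUT0%3D")

ALLOWED_HOSTS = {"app.target.com"}          # assumed allowlist of redirect targets
SERVER_KEY = b"example-secret-rotate-me"    # constructed secret for the hardened token


def decode_redirect(param):
    """Unwrap the observed layout: URL-encoded base64 of 'url|len(url)|token'."""
    raw = base64.b64decode(unquote(param)).decode("utf-8")
    url, length, token = raw.split("|", 2)
    return url, int(length), token


def weak_token(url):
    """What the site used: the 'token' is just base64(url), which anyone can compute."""
    return base64.b64encode(url.encode("utf-8")).decode("ascii")


def strong_token(url, key=SERVER_KEY):
    """Hardened replacement: an HMAC over the URL, so a valid token needs the server key."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def encode_redirect(url, token_fn):
    """Server-side encoder for the observed layout (used here to build inputs)."""
    raw = f"{url}|{len(url)}|{token_fn(url)}"
    return quote(base64.b64encode(raw.encode("utf-8")).decode("ascii"))


def weak_check(param):
    """Check implied by the write-up: passes for ANY url, since base64 is not a secret."""
    url, length, token = decode_redirect(param)
    return len(url) == length and hmac.compare_digest(token, weak_token(url))


def safe_check(param, key=SERVER_KEY):
    """Defender's version: allowlisted https host AND a keyed token only the server can mint."""
    try:
        url, length, token = decode_redirect(param)
    except (ValueError, UnicodeDecodeError):
        return False
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.netloc not in ALLOWED_HOSTS:
        return False
    return len(url) == length and hmac.compare_digest(token, strong_token(url, key))
```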

#vulnerability #open-redirect #infosec #security #bug-bounty

Ron Cartwright

1603512000

Facebook, News and XSS Underpin Complex Browser Locker Attack

A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The effort is more advanced than most, because it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, researchers said.

Browser lockers are a type of redirection attack where web surfers will click on a site, only to be sent to a page warning them that their computer is infected with “a virus” or malware. The page then typically urges targets to call a number on the screen for “tech-support help.” If they fall for it, they’re connected to a call center where they’re asked to pay a fee to “clean” their machines.

In a recent, widespread campaign, cyberattackers are using Facebook to distribute malicious links that ultimately redirect to a browser locker page, according to researchers. The links may be propagated through Facebook games, researchers at Malwarebytes noted in a post outlining its findings on Wednesday.

“The campaign we looked at appears to exclusively use links posted on Facebook, which is fairly unusual considering that traditionally tech-support scams are spread via malvertising,” said Malwarebytes researcher Jérôme Segura.

Facebook issues a pop-up to users, asking them to confirm the redirection – but the destination is obscured by the fact that the link is a bit.ly shortened URL, he added.

Overall, the firm discovered 50 different bit.ly links being used for the scam over a three-month period, “suggesting that there is regular rotation to avoid blacklisting,” Segura said.

XSS Vulnerability

The bit.ly URLs redirect to a Peruvian website called RPP, which is “perfectly legitimate and draws over 23 million visits a month,” Segura said. He added that he reported this issue to Grupo RPP but had not heard back at the time of publication.

He found that the site contains an XSS bug that allows for an open redirect. Open redirects happen when parameter values (the portion of URL after “?”) in an HTTP GET request allow for information that will redirect a user to a new website without any validation that the target is intended or legitimate. So, an attacker could manipulate that parameter to send a victim to a fake page, but the action would appear to be a legitimate action intended by the website.

The redirection flow of the campaign. Click to enlarge. Source: Malwarebytes.

“Threat actors love to abuse open redirects as it gives some legitimacy to the URL they send victims,” according to researchers.

In this case, the threat actors are using the XSS bug to load external JavaScript code from buddhosi[.]com, a malicious domain controlled by the attackers, which substitutes code in the URL to create a redirect.

“The JavaScript in turn creates the redirection to the browlock landing page by using the replace() method,” according to the analysis. The replace() method searches a string for a specified value, and returns a new string where the specified values are replaced.

Besides redirecting users to other sites, an attacker could exploit the XSS to rewrite the current page into anything they like, Segura noted.

In any event, the final browser-locker landing page is hosted on one of around 500 “disposable” and randomly named domains that use a variety of new-ish top-level domains (such as .casa; .site; .space; .club; .icu; or .bar).

#facebook #vulnerabilities #web security #browser locker #cross site scripting #grupo ppe #malwarebytes #news site #open redirect #peru #redirections #security bug #tech support scam #xss

Houston Sipes

1600992000

Did Google Open Sourcing Kubernetes Backfire?

Over the last few years, Kubernetes has become the de facto standard for container orchestration and has also won the race against Docker as the most loved platform among developers. Released in 2014, Kubernetes has come a long way and is currently used across all major cloud platforms. In fact, recent reports state that out of 109 tools to manage containers, 89% of them leverage Kubernetes versions.

Although inspired by Borg, Kubernetes is an open-source project by Google and has been donated to a vendor-neutral body, the Cloud Native Computing Foundation. This can be attributed to Google's vision of creating a platform that can be used by every firm in the world, including the large tech companies, and that can host multiple cloud platforms and data centres. The entire reason for handing over control to the CNCF is to develop the platform in the best interest of its users, without vendor lock-in.

#opinions #google open source #google open source tools #google opening kubernetes #kubernetes #kubernetes platform #kubernetes tools #open source kubernetes backfired