Nmap Development mailing list archives

Re: Nmap http-open-redirect problem


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 2 Feb 2017 18:57:51 -0600

Diago,

The http-open-redirect script crawls the website looking for links. If any
of the links have a parameter that was echoed back in a Location header,
then that parameter is changed to "http://scanme.nmap.org/" and the query
is retried. If the Location header comes back with that URL, then it's an
open redirect.

What is likely the case is that there is not an existing link on your page
that links to redirect.php with a redirect_url parameter. If you add a link
to the site like this, it should work: <a
href="/redirect.php?redirect_url=/">Go Home</a>

Dan

On Wed, Feb 1, 2017 at 9:18 AM, Diago <diago () protonmail ch> wrote:

I wanted to test if my site represents any open redirect vulnerability. I
have tried with Nmap script
https://nmap.org/nsedoc/scripts/http-open-redirect.html; it starts the tests
and finds only open ports. I wanted to make sure this script works, so I
created a /redirect.php on my website so when someone enters
mysite.com/redirect.php?redirect_url=http://anothersite.com it redirects to
that, so this way I'm sure my site is vulnerable to open redirect, but Nmap
doesn't find it when I execute the script; it only finds open ports but not
the path affected by open URL vulnerability as script describes on nmap
website. What to do? I don't know if I'm doing something wrong.


Sent from ProtonMail mobile



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
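
The detection logic described in the reply, as an added example that is not part of the original thread and is not the NSE script's own code. The in-memory site, the single-page crawl, and the names make_site, find_open_redirects, NO_LINK and WITH_LINK are assumptions made for illustration:

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PROBE = "http://scanme.nmap.org/"  # replacement value named in the reply

class LinkParser(HTMLParser):
    """Collects href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def make_site(home_html):
    """Constructed stand-in for the target; returns fetch(url) -> (location, body)."""
    def fetch(url):
        parts = urlsplit(url)
        query = dict(parse_qsl(parts.query))
        if parts.path == "/redirect.php" and "redirect_url" in query:
            return query["redirect_url"], ""   # unvalidated redirect
        return None, home_html if parts.path == "/" else ""
    return fetch

def find_open_redirects(fetch, start="/"):
    """Crawl one page (assumption: single-page crawl) and test each link."""
    parser = LinkParser()
    parser.feed(fetch(start)[1])
    findings = []
    for link in parser.links:
        parts = urlsplit(link)
        params = parse_qsl(parts.query)
        location, _ = fetch(link)
        for i, (name, value) in enumerate(params):
            if location is None or value not in location:
                continue                       # parameter not echoed in Location
            probe = params[:i] + [(name, PROBE)] + params[i + 1:]
            probe_url = urlunsplit(parts._replace(query=urlencode(probe)))
            new_location, _ = fetch(probe_url)
            if new_location and new_location.startswith(PROBE):
                findings.append(probe_url)
    return findings

NO_LINK = '<a href="/about.php">About</a>'                         # constructed
WITH_LINK = '<a href="/redirect.php?redirect_url=/">Go Home</a>'   # link from the reply

if __name__ == "__main__":
    print(find_open_redirects(make_site(NO_LINK)))    # nothing to test, so no finding
    print(find_open_redirects(make_site(WITH_LINK)))  # redirect.php is flagged
```

Both simulated sites serve the same vulnerable /redirect.php; only the one whose home page links to it with a redirect_url parameter produces a finding.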
