Open Redirect Vulnerability Explained

These are awesome, dude! Happy you see you starting up a show!

This video gives me a ton of information in a clear logical way in 8 min ! I didnt understand or remeber it all but I can do research on the topic easily ! Thank you ! This is helpful

What a great detailed video.. really loved it!
next time i will just forward this video link, whenever anyone asks me about open redirects.
You got me subbed and i will wait for more contents from you :)

I hope for the day where I come back to this video and flawlessly understand everything you said

Awesome man! After a long time, I found an awesome video. Please continue to upload such content.

I always wait for that cool ending ♥

Very clear explanation with simple graphics. Thanks!

Amazing video dude !! Keep it up. And thanks for the awesome challenge :)

One of the best video i seen Open Redirection . Thanks for doing this kinds of videos it will be very usefull for beginers

Subbed Bro keep up the great work and very good quality

This is explained so simple. And i feel like i still saw a video on Chinese.

Just found you and I love all these videos. You got some pretty nice digital handwriting and drawing. That flask logo. 👍

Very informative, and deep for understanding video! I have blow in my thinking about this..) Thanks! Good luck!

the next liveoverflow ? focus on web exploitation topic should be good i think, keep it up buddy!

Very clear and good amazing video.I want to learn more such things from you.

Very good explanation! Thank you.

Amzing bro keep going u got my sub😍😍

Love your videos! Thanks!!

Well Explained, Tq. And BGM , loved it.

Ok, this was awesome! Nice Tut

Sir please more videos on different vulnerabilitys
Great video

Amazing channel. Don't stop making videos like this

Very good explanation, you are awesome.
Thaaaaanks

I love the drawings lmaoo, good video :0

Great vedio... explained everything so simply 😍 Keep on going... you earned my respect 😀

Thank you for making great content!

Love your vids👍

Your contents are valuable for self-learners

Your awesome...and your video to good..bro

Great content here is your sub

A really good one! Thank you!

Why this channel is so amazing 😌

The best quality programing content ever
Ever

You've got my sub man! Keep up the good work!

keeeeeep going maaaaan .. u are perfect

Awesome videos.

I didn't find video like this. Keep it up

you explain this so clearly and so well. good work!

Please your videos going, they are amazing

nice work!!!

I love the music at beginning

Well explained! ❤️

Absolutely brilliant

Awesome..

I like how chill he is

Wow, this channel is underrated !

Just got my equipments to start hunting thanks alot

nice explanation, got subs from us :)

Good content and explanation!:)

Ur rocking dude
Love u 😘

Awesome

Awesome content

This is really informative

quality content ....... awesome

I discover ur channel now, cool man!

awesome content bro

fantastic videos wow

And thus, a legend was born

Can I call your Mom, Mom? cause You sounded like, you are my big brother, n you explained everything to me so sweetly

MAN!!! Your explanation just drilled the concept hole in my brain! I finally understand How is this a vulnerability and the Thomas Example was cherry on cake! It gave a good understanding~

Great content

It's awesome

You are awesome...

With your download chrome example, don’t most browsers tell you where the file is downloaded from? Firefox would say “ChromeSetup” for what you downloaded and in a smaller line below it “Downloaded from attacker’s website”, could this possibly be faked in a dangerous way (something like how mega does downloads? completely on the page and only sends your browser the finished file, which i guess is intended for stuff you make in-browser, the browser should handle remote downloads, right?) or does the attack only work on browsers that don’t tell you which server it downloaded the file from?

Great vedio! But where can I find the english caption?

So beautiful

btw I like your drawing XD

Hey! if the websites instead of redirecting to another domain, loads content from the domain you select, does count as a vulnerability? how can i exploit it?

Awesome video!
Also, it's better to send tokens via POST method rather than GET. That could solve the issue, but still very well demonstrated. 👍

YOOOO Social Engineering is an essential skill because we all know when 'something' does not brake from the outside it does from the inside and of course the human factor will always be vulnerable.

Can you change the auto-generated subtitles for this video from Korean to English?

I was looking for an Olivia Rodrigo audio file, and I found a website that redirected me to some website where the screen said something about my iPad having 19 viruses....

Cooooooooool channel. but plz place those browser window green, yellow and red buttons on the left :)

what do you use to create these videos ?

Can you please tell me the name of your terminal fonts?

What program did you use for the drawings?

please answer to me, what is the name of this app?

PwnFunction: What could possibly go wrong?
Me: Everything.

Someone knows which theme the editor use in vscode?

If I make a open redirect and if it redirects out of the site I show a Warning that you are leaving the site.
(I coded so everytime ANY redirect is ran it shows the warning first, then redirects to the target after accepting
It shows the URL it is redirecting to and with a Fat Warning text

I was just watching through your video again, but needed subtitles... "Korean (auto generated)"?! That confused me for a second! :)

Just found like 10 open redirects on a site and it's other domains. will try to escalate those 😉

I try to simulate the code in the end of the video and trigger XSS, but i can not trigger XSS. Could anyone help me ?

Oh boy. I'm totally guilty of this one.

i like the way how you said INTERNET EXPLORER whahahaha

How an attacker change url parameters on a website into desired url

How can someone use an open redirect to take over an account?
- password tokens are not listed anywhere. how can the hacker find the token?
- even if the token is found, there is a HIGH chance it is expired.
- even if the token is found, the token is deleted right after the password reset.
Also if the hacker has the token, why not directly resetting the password himself?

make more vids about web hacking... nice job

AMAZING FUCKING VIDEO !!!!

Good video! the flickering when some (wrong) drawing is removed is really annoying though.

How we can get token as it is seCret token ?

Please put the english subtitles

1:00 Luckily PHP removes all the newlines in the header() argument or else it could be much more interesting :D

Is your intro a wireshark packet? XP

Foma Kinyaev

Bro put videos regularly

God , i didn't understand anything. but i will😎

idk anything of those topics. i like your video style tho.

1337 reference

oRwPeN RWedirect