Wednesday, 1 February 2017

Open redirect vulnerability not detected by Nmap script

I wanted to test if my site presents any open redirect vulnerability. I have tried with the Nmap script http://ift.tt/2a2tcTQ. It started the tests and only found open ports.

I wanted to make sure this script works, so I created a /redirect.php on my website, so that when someone uses my site with com/redirect.php?redirect_url=http://anothersite.com it redirects to that. This way I'm sure my site is vulnerable to open redirect, but Nmap doesn't find it when I execute the script. It only finds open ports, but not the path affected by the open URL vulnerability as shown on the Nmap website.

What should I do to verify I am using Nmap correctly? I don't know if I'm doing something wrong.
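
An added example, not part of the original post: a Python check that classifies a captured response from the `/redirect.php` handler described above, so the behaviour can be confirmed by hand independently of any scanner. The host `mysite.example`, the function name and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit, urljoin, parse_qs

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

def classify_redirect(request_url, status, location, param="redirect_url"):
    """Classify one captured response from the redirect handler.

    'open-redirect'  : 3xx whose Location is the off-site host supplied in param
    'same-site'      : 3xx that stays on the requesting host
    'off-site-other' : 3xx to a host other than the one supplied
    'no-redirect'    : anything else
    """
    if status not in REDIRECT_STATUSES or not location:
        return "no-redirect"
    req = urlsplit(request_url)
    # Location may be relative or scheme-relative (//host/path); resolve it
    # against the request URL the way a browser would.
    target_host = urlsplit(urljoin(request_url, location.strip())).hostname
    supplied = parse_qs(req.query).get(param, [""])[0]
    supplied_host = urlsplit(urljoin(request_url, supplied)).hostname
    if target_host == req.hostname:
        return "same-site"
    if supplied and target_host == supplied_host:
        return "open-redirect"
    return "off-site-other"

# Constructed samples: (request URL, response status, Location header)
BASE = "http://mysite.example/redirect.php?redirect_url="
SAMPLES = [
    (BASE + "http://anothersite.com", 302, "http://anothersite.com"),
    (BASE + "//anothersite.com/x", 302, "//anothersite.com/x"),
    (BASE + "http://anothersite.com", 302, "/index.php"),
    (BASE + "http://anothersite.com", 200, None),
    (BASE + "http://anothersite.com", 302, "http://login.example/"),
]

def classify_samples():
    """Run the classifier over the constructed samples."""
    return [classify_redirect(u, s, loc) for u, s, loc in SAMPLES]

if __name__ == "__main__":
    for (url, status, loc), verdict in zip(SAMPLES, classify_samples()):
        print(f"{status} {loc!r:30} -> {verdict}")
```
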



