Open redirect vulnerabilities have been identified on several MSN Mobile websites by Moroccan security researcher Souhail Hammou. According to the expert, besides the main site (mobile.msn.com), the security holes have affected the Mexico, France, UK, Spain, Germany, Netherlands, Belgium, Brazil, and Canada domains.
“An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it, this does simplify phishing attacks,” the expert explained in an advisory provided to Softpedia.
“The attacker can exploit this unvalidated redirect by tricking victims into clicking the link. Victims are more likely to click on it, since the link is to a valid and trusted website as they think. So, the attacker will fool unsuspecting users into believing that they're navigating to the well-known site as opposed to the attacker controlled site.”
As a solution to such vulnerabilities, Hammou recommends that webmasters avoid using redirects and forwards. If a redirection parameter is needed, the expert recommends “ensuring that the supplied value is valid and authorized for the user in the destination parameter.”
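To make the two points above concrete, here is an added example (it is not the researcher's code and not Microsoft's): the unvalidated pattern the advisory describes, where a `next` parameter is copied straight into the redirect, beside a hardened check that only allows same-host or trusted-host destinations. The trusted host `mobile.msn.com` is taken from the article; the parameter name `next`, the fallback path and the attacker host `evil.example` are assumptions made for the illustration. It also covers the bypasses a validator must handle that the advisory does not spell out: protocol-relative `//host` targets, backslash variants browsers treat as slashes, non-HTTP schemes, and user-info tricks such as `https://trusted@evil`.

```python
from urllib.parse import urlparse

# Host the application legitimately serves (taken from the article).
TRUSTED_HOSTS = {"mobile.msn.com"}


def redirect_unvalidated(next_url: str) -> str:
    """Vulnerable pattern: whatever arrives in the 'next' parameter becomes
    the Location header. An attacker-supplied value is returned verbatim."""
    return next_url


def is_safe_redirect(target: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Return True only if 'target' stays on a trusted host over http(s)
    or is a local path on the current site."""
    if not target:
        return False
    # Reject control characters (CR/LF could also inject headers).
    if any(ord(c) < 0x20 for c in target):
        return False
    # Browsers treat a backslash in the authority position like a slash,
    # so "/\evil.example" must be recognised as protocol-relative.
    normalized = target.replace("\\", "/")
    parsed = urlparse(normalized)
    # Only http/https may leave the page; javascript:, data: etc. are out.
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False
    if parsed.netloc:
        # .hostname strips user-info and port, so "trusted@evil" resolves
        # to "evil" and is rejected; the comparison is case-insensitive.
        host = parsed.hostname
        return host is not None and host.lower() in trusted_hosts
    # No authority: accept only a site-local path with a single leading "/".
    return normalized.startswith("/") and not normalized.startswith("//")


def safe_redirect(next_url: str, fallback: str = "/") -> str:
    """Hardened pattern: use the supplied target only when it validates,
    otherwise fall back to a fixed local destination (fallback is assumed)."""
    return next_url if is_safe_redirect(next_url) else fallback


if __name__ == "__main__":
    # Constructed sample inputs, as an attacker-controlled 'next' parameter.
    samples = [
        "/account/settings",
        "https://mobile.msn.com/inbox?x=1",
        "https://evil.example/login",
        "//evil.example",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://mobile.msn.com@evil.example/",
        "https://mobile.msn.com.evil.example/",
    ]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {redirect_unvalidated(s)!r:45} "
              f"hardened -> {safe_redirect(s)!r}")
```

The validator deliberately parses the URL instead of matching on a prefix such as `startswith("https://mobile.msn.com")`, because a prefix check is exactly what `https://mobile.msn.com.evil.example/` and `https://mobile.msn.com@evil.example/` are crafted to pass.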
The vulnerabilities have been reported to Microsoft. The company has addressed the flaws and listed the researcher on the Security Researcher Acknowledgments for Microsoft Online Services page.
Additional technical details provided to us by the expert are available here. He has also published a proof-of-concept video.
In January, Souhail Hammou reported a cookie handling vulnerability to Twitter. He has also reported other security holes to Twitter, Mozilla, Facebook and Huawei.
Here is the POC video which demonstrates the existence of open redirect vulnerabilities on MSN Mobile websites: