How scammers abuse Google Search’s open redirect feature

2020-05-15 13:04

It reminded me of a very similar Skype message I'd received a few years ago, one that abused an open redirect in Google Maps, and I wondered if there was another.

One answer is to find an open redirect on a legitimate website - a redirection facility that can be abused to bounce users from a trustworthy website to another, less trustworthy one.

In some browsers, like Firefox or Safari, Google search results don't lead directly to the listed websites.

If a website is listed on Google Search, it has a usg, which is easily retrieved from the source code of the search results page.

So why does Google tolerate it? Well, Google doesn't consider open redirects to be a security issue.

News URL

https://nakedsecurity.sophos.com/2020/05/15/how-scammers-abuse-google-searchs-open-redirect-feature/

#google #scammer

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		102	253	4226	4525	728	9732