How to generate a random value?

There are two simple ways to generate a value:

1. Get the system date and time:

import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;

// Get the current date and time from the system.
DateFormat dateFormat = new SimpleDateFormat("yyyyMMddHHmmss");
Calendar cal = Calendar.getInstance();
String GetDateTime = dateFormat.format(cal.getTime());

The Result: 20160528010203

2. Get a random number:

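import java.util.Random;
Random rd = new Random(); // java.util.Random is not cryptographically secure
int randomInt = 0;
for (int idx = 1000; idx <= 100000; ++idx) {
    randomInt = rd.nextInt(100000); // value from 0 to 99999
}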

The Result: 95018

Real-world example code:

Malicious redirect & bypass “Redirect Notice” at

Over the last few months, while working with the “Open Redirect” vulnerability, I found something interesting: a hacker can bypass the confirmation page and redirect the user to a malicious website by using the domain.

1. My site:
2. Redirect to another site by using the domain: [URL]

Display: Redirect Notice

So how can I bypass this form and redirect the user to my page without any confirmation message?

3. Bypass the confirmation page:[URL]&usg=[Code]*

* See the video below to learn how I get the Code. The full URL will be:

With this URL, the hacker can redirect the user to a malicious or phishing site.

I have reported this issue to Google, but they think that this is not a security vulnerability: “Our take on this is that tooltips are not a reliable security indicator, and can be tampered with in many ways; so, we invest in technologies to detect and alert users about phishing and abuse, but we generally hold that a small number of properly monitored redirectors offers fairly clear benefits and poses very little practical risk.”

In the next email they said that: “We consider this issue as working as intended, but thanks for letting us know”.

I think the confirmation page “Redirect Notice” should be displayed to help the user know where they are going. It is sometimes a risk.
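A redirector that skips the “Redirect Notice” only for allowlisted hosts and shows it for everything else, as an added example (not code from the original post and not Google's implementation). The host names in TRUSTED_HOSTS and the function names classify_redirect and handle are assumptions.

```python
from html import escape
from urllib.parse import urlsplit

# Assumption: hosts this site is willing to redirect to without a notice.
TRUSTED_HOSTS = {"example.com", "accounts.example.com"}

def classify_redirect(target):
    """Return (action, detail); action is 'redirect', 'notice' or 'reject'."""
    # Browsers normalise backslashes and drop control characters, so a URL
    # containing them may not go where the server-side parser thinks it goes.
    if any(ord(c) < 0x21 or c == "\\" for c in target):
        return "reject", "whitespace, control or backslash character"
    try:
        parts = urlsplit(target)
    except ValueError:
        return "reject", "unparseable URL"
    # Absolute http(s) URLs only: rejects scheme-relative and script schemes.
    if parts.scheme not in ("http", "https"):
        return "reject", "scheme not allowed"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "reject", "missing host"
    # user@host URLs can show a trusted name before the real host: never skip
    # the notice for them, and report the host the browser will really visit.
    if parts.username is not None or host not in TRUSTED_HOSTS:
        return "notice", host
    return "redirect", target

def handle(target):
    """Return (status, headers, body) for a request to the redirector."""
    action, detail = classify_redirect(target)
    if action == "redirect":
        return 302, {"Location": target}, ""
    if action == "reject":
        return 400, {}, "Bad redirect target: " + detail
    # Redirect Notice: name the destination host; escape() keeps the
    # user-supplied URL from injecting markup into the page.
    body = ("<h1>Redirect Notice</h1><p>This link leads to <b>%s</b>.</p>"
            '<a href="%s" rel="noreferrer">Continue</a>'
            % (escape(detail), escape(target, quote=True)))
    return 200, {}, body
```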

Text injection on form

This is a rather interesting bug; it can be exploited to deceive users (phishing).

First, I leave Username and Password empty and click Log in, and the error message shown below appears.


Looking at the URL, it has the following form:

Change the string “” to some other content.

The result.
