Description :-
URL redirection occurs when a website sends the user on to another site, normally one it trusts. URL redirection is sometimes used as part of phishing attacks that confuse visitors about which website they are visiting.
Examples for URL Redirect Vulnerability:-
http://www.vulnerable.com?redirect=http://www.attacker.com
The phishing use can be more elaborate, disguising the redirect with path traversal and URL encoding:
Real redirect: http://www.vulnerable.com/redirect.asp?=http://www.links.com
Faked link: http://www.vulnerable.com/security/advisory/23423487829/../../../redirect.asp%3F%3Dhttp%3A//www.facked.com/advisory/system_failure/password_recovery_system
Impact :-
A remote attacker can redirect users from your website to a URL of their choosing. This problem may assist an attacker in conducting phishing attacks, trojan distribution and spam campaigns.
Solution :-
To avoid the open redirect vulnerability, the parameters of the application script/program must be validated before the 302 HTTP code (redirect) is sent to the client browser. The server must maintain a list of the authorized redirect targets (i.e. in a database) and only redirect to destinations on that list.
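An allowlist check of the kind the solution describes, added here as an example and not code from the original post; the hostnames and the in-memory set standing in for the database are assumptions:

```python
from urllib.parse import urlsplit, urljoin

# Constructed allowlist standing in for the database of authorized redirect
# targets; the hostnames are assumptions, not from any real deployment.
ALLOWED_HOSTS = {"www.vulnerable.com", "www.links.com"}
OUR_HOST = "www.vulnerable.com"


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` resolves to an allowlisted host over http(s).

    The redirect parameter is untrusted: it is resolved against our own
    origin first (so relative paths stay on our site) and the resulting
    host is then compared with the allowlist.
    """
    if not target or any(c in target for c in "\r\n\x00"):
        return False  # control characters would enable header injection
    # Browsers treat backslashes like slashes in URLs, so normalise them
    # before parsing; otherwise "/\host" is mistaken for a local path.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(urljoin(f"https://{OUR_HOST}/", normalised))
    except ValueError:
        return False  # malformed netloc (e.g. unbalanced IPv6 brackets)
    if parts.scheme not in ("http", "https"):
        return False  # rejects javascript:, data: and similar schemes
    if parts.hostname is None or parts.username is not None:
        return False  # rejects "https://trusted@other.host" style userinfo
    return parts.hostname.lower() in allowed_hosts


def choose_redirect(target: str, fallback: str = f"https://{OUR_HOST}/") -> str:
    """Value for the Location header of the 302: the target if safe, else home."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    for t in ["/account", "http://www.attacker.com", "//www.attacker.com/x"]:
        print(f"{t!r:32} -> {choose_redirect(t)}")
```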
POC :-
Here is a case of URL Redirection where the website does not validate the URL before redirecting the client.
A simple change in the redirect address can redirect the client to the attacker's site.