Thursday 1 December 2011

Simple Case of URL Redirect Vulnerability


Description :-

URL redirection is when a website forwards a user to another, normally trusted, site.

URL redirection is sometimes used as part of phishing attacks to confuse visitors about which website they are visiting.


Examples for URL Redirect Vulnerability:-

http://www.vulnerable.com?redirect=http://www.attacker.com

The phishing use can be more complex, disguising the destination with URL encoding:

Real redirect: http://www.vulnerable.com/redirect.asp?=http://www.links.com

Faked link: http://www.vulnerable.com/security/advisory/23423487829/../../../redirect.asp%3F%3Dhttp%3A//www.facked.com/advisory/system_failure/password_recovery_system

Impact :-

A remote attacker can redirect users from your website to a URL of their choosing. This may assist an attacker in conducting phishing attacks, trojan distribution or spam campaigns.


Solution :-

To avoid the open redirect vulnerability, the parameters of the application script/program must be validated before the 302 HTTP code (redirect) is sent to the client browser. The server must keep a list of authorized redirection targets (e.g. in a database).
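One way to implement that validation, as an added example that is not part of the original post: the redirect parameter is accepted only if it is a same-site path or an absolute http(s) URL whose host is on the server's allow-list, and everything else falls back to the site root. The allow-list (which reuses www.links.com from the example above), the function names and the fallback target are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Authorized redirect destinations. Constructed for this example; a real
# application would load them from its configuration or database.
ALLOWED_HOSTS = {"www.vulnerable.com", "www.links.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(redirect_param, allowed_hosts=ALLOWED_HOSTS):
    """Return a value that is safe to place in a 302 Location header.

    redirect_param is assumed to be the query parameter as the web framework
    delivers it (already URL-decoded once).
    """
    if not redirect_param:
        return DEFAULT_TARGET
    # Browsers treat "\" like "/", so "/\host" would become "//host";
    # normalise before inspecting the value.
    candidate = redirect_param.strip().replace("\\", "/")
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return DEFAULT_TARGET
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: accept only a single leading "/".
        # "//host" and "///host" are scheme-relative and would leave the site.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return DEFAULT_TARGET
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET  # rejects javascript:, data:, ftp:, ...
    # .hostname drops userinfo ("trusted@evil") and the port, and lowercases,
    # so "http://www.links.com@www.attacker.com/" is judged by www.attacker.com.
    if parts.hostname in allowed_hosts:
        return candidate
    return DEFAULT_TARGET


def redirect_response(redirect_param):
    """Build the (status, headers) pair for the validated redirect."""
    return ("302 Found", [("Location", safe_redirect_target(redirect_param))])


if __name__ == "__main__":
    for value in ("http://www.links.com", "http://www.attacker.com",
                  "//www.attacker.com", "/account/home"):
        print(repr(value), "->", redirect_response(value))
```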

POC :-

Here is a case of URL Redirection where the website does not validate the URL before redirecting the client.




A simple change in the redirect address can redirect the client to the attacker's site.



