An attacker can launch a phishing scam and steal users' credentials by modifying the untrusted URL input so that it points to a malicious site. This redirection attack is possible because the server name in the link the victim sees is that of the original site, while the destination is the attacker's site. As the malicious site is almost identical to the original, the phishing attempt has a more trustworthy appearance. An attacker can also misuse an unvalidated redirect to craft a URL that passes the application's access control check and then forwards them to privileged functions they would normally not be able to access.
This vulnerability occurs when an application accepts untrusted input that contains a URL value and uses it without sanitising it. The attacker can use that URL value to redirect the user to another page controlled by the attacker.
response.sendRedirect(request.getParameter("url")); // vulnerable: the untrusted "url" request parameter becomes the redirect target with no validation
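A hardened replacement for the line above, added here as an illustrative example rather than Beagle's own code: the untrusted parameter is parsed, anything carrying a scheme or host (including protocol-relative "//host" forms) is refused, and only an assumed allowlist of internal paths is honoured. The class name, allowlist and default target are assumptions; it needs Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

/** Hardened handling of a redirect parameter (illustrative example, not Beagle's code). */
public final class SafeRedirect {
    // Hypothetical allowlist of internal pages the application is willing to redirect to.
    private static final Set<String> ALLOWED_PATHS = Set.of("/home", "/account", "/dashboard");
    private static final String DEFAULT_TARGET = "/home";

    /**
     * Returns a redirect target that stays on this application, falling back to the
     * default page whenever the untrusted value fails a check.
     * Intended use: response.sendRedirect(SafeRedirect.resolve(request.getParameter("url")));
     */
    public static String resolve(String untrusted) {
        if (untrusted == null || untrusted.isBlank()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(untrusted.trim());
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;            // unparsable input (e.g. contains '\') is rejected
        }
        // A scheme (https:, javascript:, data:) or an authority (any host, including the
        // protocol-relative "//evil.example") means the value points off-site.
        if (uri.isAbsolute() || uri.getRawAuthority() != null) {
            return DEFAULT_TARGET;
        }
        String path = uri.getPath();
        // Some browsers treat a backslash as a slash ("/\evil.example"), so refuse it explicitly.
        if (path == null || !path.startsWith("/") || untrusted.contains("\\")) {
            return DEFAULT_TARGET;
        }
        // Final gate: only exact, pre-approved internal paths are honoured.
        return ALLOWED_PATHS.contains(path) ? path : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one legitimate path and several off-site or unapproved ones.
        String[] inputs = {"/account", "https://evil.example/login", "//evil.example",
                           "/\\evil.example", "javascript:alert(1)", "/etc/passwd"};
        for (String in : inputs) {
            System.out.println(in + " -> " + resolve(in));
        }
    }
}
```

Of the sample inputs only "/account" is returned unchanged; every other value resolves to the default page.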
The impact of this vulnerability includes:
Beagle recommends the following fixes: