Unvalidated Document Object Model redirection

Document Object Model based open redirection occurs when a script writes controllable data into the target of a redirection in an unsecured way. An attacker can use this vulnerability to construct a custom URL. If the URL is visited by another application user, it will cause a redirection to a target external domain. This web application uses Document Object Model input values to store the address of the page in which the client is to be redirected. An unvalidated redirection can occur when the attacker is able to modify the affected parameter value and can control the location of the redirection.

Impact

This vulnerability can has the following impacts:-

  • Data phishing
  • The attacker can steal information from end-users
  • The attacker can pursue the end-user into downloading malicious files

Mitigation / Precaution

This vulnerability can be fixed by:-

  • Applying proper authentication on the client side code.
  • Using the whitelisted parameters as the parameter values.

Latest Articles