Unvalidated Document Object Model redirection

By
Febna V M
Published on
29 Jun 2018
Vulnerability

Document Object Model based open redirection occurs when a script writes controllable data into the target of a redirection in an unsecured way. An attacker can use this vulnerability to construct a custom URL. If the URL is visited by another application user, it will cause a redirection to a target external domain. This web application uses Document Object Model input values to store the address of the page in which the client is to be redirected. An unvalidated redirection can occur when the attacker is able to modify the affected parameter value and can control the location of the redirection.

Impact

This vulnerability can has the following impacts:-

  • Data phishing
  • The attacker can steal information from end-users
  • The attacker can pursue the end-user into downloading malicious files

Mitigation / Precaution

This vulnerability can be fixed by:-

  • Applying proper authentication on the client side code.
  • Using the whitelisted parameters as the parameter values.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.