URL redirection is forwarding a user from one page to another page. There are basically two types of redirection:-
Internal Redirection: Forwarding to internal pages.
External Redirection: Forwarding to external pages (Other domains).
There are many servers that are vulnerable to external redirection where an application incorporates user-controllable data into the target of a redirection in an insecure way. An attacker can construct a URL within the application that causes a redirection to any random external domain.
The following are the examples of redirection:-
Server side scripting
The attacker can do the following impacts:-
Execute malicious code
Unstable the web application
Remote Command Execution
Mitigation / Precaution
This vulnerability can be fixed by:-
Removing the redirection function from the application
Replacing the links with direct links to relevant target URLs.
Maintaining a server-side list of all URLs that are permitted for redirection.
Beagle Security helps you to proactively secure your web apps & APIs
with automated penetration testing & actionable remediation insights.