
Vulnerability
URL redirection forwards a user from one page to another. There are two basic types of redirection:
- Internal Redirection: Forwarding to internal pages.
- External Redirection: Forwarding to external pages (Other domains).
Many applications are vulnerable to external redirection because they incorporate user-controllable data into the target of a redirect without validating it. An attacker can then construct a URL within the application that redirects the victim to an arbitrary external domain.
Example
The following are examples of how a redirect can be produced:
Manual redirect (the user clicks the link)
Please follow <a href="http://www.sashsite.com/">this link</a>. <!-- Manual redirect -->
Server-side scripting (PHP)
<?php
// Server-side redirect: the browser follows the Location header.
header('HTTP/1.1 301 Moved Permanently');
header('Location: http://www.example.com/');
exit();
JavaScript
window.location = 'http://www.example.com/'; // client-side redirect
Impact
An attacker who exploits this vulnerability can:
- Execute malicious code
- Destabilize the web application
- Remote Command Execution
Mitigation / Precaution
This vulnerability can be fixed by:
- Removing the redirection function from the application
- Replacing the links with direct links to relevant target URLs.
- Maintaining a server-side list of all URLs that are permitted for redirection.
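The check below is an added example written for this article; it is not code from the original page or from any product it describes. It implements the third mitigation (a server-side allow-list of permitted redirect targets) and places it next to the vulnerable pattern from the Example section, in which the user-supplied value is written straight into the Location header. The application origin `app.example.com`, the allow-listed hosts, the `?next=` parameter and every function name are assumptions for illustration, and the sample inputs are constructed, not captured traffic.

```javascript
// Added example (not part of the original page): a server-side redirect
// target check implementing the allow-list mitigation. APP_ORIGIN,
// ALLOWED_HOSTS and the function names are assumptions for illustration.

// Hypothetical application origin and the hosts it may redirect to.
const APP_ORIGIN = 'https://app.example.com';
const ALLOWED_HOSTS = new Set(['app.example.com', 'docs.example.com']);
const DEFAULT_TARGET = APP_ORIGIN + '/';

// The vulnerable pattern from the page's examples: the user-supplied value
// (e.g. ?next=...) goes straight into the Location header, so whatever
// domain the request contains is followed.
function vulnerableRedirectTarget(next) {
  return next;
}

// Hardened version: parse the value with the WHATWG URL parser (the same
// algorithm browsers use) relative to the application's own origin, then
// accept it only if the scheme is http(s) and the hostname is exactly on
// the allow-list. Everything else falls back to a fixed internal target.
function safeRedirectTarget(next) {
  if (typeof next !== 'string' || next.length === 0) return DEFAULT_TARGET;
  let target;
  try {
    target = new URL(next, APP_ORIGIN);
  } catch (e) {
    return DEFAULT_TARGET; // unparsable input is never forwarded
  }
  if (target.protocol !== 'https:' && target.protocol !== 'http:') {
    return DEFAULT_TARGET; // rejects javascript:, data:, etc.
  }
  if (!ALLOWED_HOSTS.has(target.hostname)) {
    return DEFAULT_TARGET; // external or look-alike host
  }
  return target.href;
}

// Builds the HTTP response a handler would send for a validated target.
function buildRedirectResponse(next) {
  return { status: 302, headers: { Location: safeRedirectTarget(next) } };
}

// Constructed sample inputs (not real traffic) covering the cases that
// matter: relative paths, allow-listed hosts, and the usual bypass shapes.
const SAMPLE_INPUTS = [
  '/account',                              // relative internal path
  'https://docs.example.com/guide',        // allow-listed external host
  'https://evil.example/phish',            // arbitrary external domain
  '//evil.example/phish',                  // protocol-relative
  '/\\evil.example',                       // backslash, parsed as // by browsers
  'https://app.example.com.evil.example/', // prefix look-alike
  'javascript:alert(1)',                   // non-http scheme
];

// Returns, for each input, what the vulnerable and the hardened handler
// would put in the Location header.
function compareTargets(inputs) {
  return inputs.map((next) => ({
    input: next,
    vulnerable: vulnerableRedirectTarget(next),
    safe: safeRedirectTarget(next),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compareTargets(SAMPLE_INPUTS));
}
```

Two design points: the hostname is compared for exact membership rather than with a prefix or substring test, because `app.example.com.evil.example` and `https://app.example.com@evil.example` both pass naive string checks; and the value is parsed with the same URL parser the browser will use, so protocol-relative and backslash forms resolve to the host the browser would actually visit before the allow-list is consulted.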