
Vulnerability
Client Side URL Redirect
A client-side URL redirect vulnerability arises when a web application redirects the browser to a destination taken from a user-supplied parameter without validating it, for example when it initially redirects to an HTTP URL and only later redirects to HTTPS. An attacker can exploit this by supplying an untrusted URL as the parameter value, so that the application redirects the user to a different host, such as a malicious site. This makes a phishing scam to steal user credentials from the application easy to launch: because the server name in the crafted link is identical to that of the original site, the phishing link appears legitimate on the Internet.
Impact
Using this vulnerability, an attacker can:
- redirect the user to a malicious site to steal information/data.
- show the user false data, which in turn damages the credibility of the website.
Mitigation / Precaution
Beagle recommends the following:
- Remove the redirect from the application.
- Disable HTTP completely in the application.
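Where the redirect cannot simply be removed, the next best control is to validate the destination before following it. The following is an added example, not code from Beagle Security or from any particular application; the origin https://app.example.com and the parameter name "next" are assumptions. It shows the vulnerable pattern next to a hardened version that only follows same-origin HTTPS destinations, which also enforces the "disable HTTP" recommendation for the redirect itself.

```javascript
// Assumed origin of the application (placeholder for the demo).
const APP_ORIGIN = "https://app.example.com";

// Vulnerable pattern: the "next" parameter is trusted as-is, so a value such
// as "https://other.example" or "//other.example" sends the user off-site.
function unsafeRedirectTarget(search) {
  return new URLSearchParams(search).get("next");
}

// Hardened version: resolve the parameter against APP_ORIGIN and accept it
// only if the result is an https URL on the same origin. Returns the
// normalized destination, or the fallback path when the input is rejected.
function safeRedirectTarget(search, fallback = "/") {
  const raw = new URLSearchParams(search).get("next");
  if (raw === null || raw.trim() === "") return fallback;

  let target;
  try {
    // Relative paths resolve under APP_ORIGIN; absolute, protocol-relative
    // ("//host") and backslash ("/\host") inputs keep their own host, which
    // the origin check below rejects.
    target = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback; // unparsable input
  }

  // Rejects http:, javascript:, data: and any other non-https scheme.
  if (target.protocol !== "https:") return fallback;
  // Rejects every host other than the application's own.
  if (target.origin !== APP_ORIGIN) return fallback;

  return target.href;
}

// Browser usage, guarded so the block also runs under Node for the checks.
if (typeof window !== "undefined") {
  window.location.assign(safeRedirectTarget(window.location.search));
}
```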