Unvalidated Redirection
Impact: High
Description
Unvalidated redirects and forwards occur when a web application accepts untrusted input that could redirect the user to a URL provided within the input. Attackers exploit this vulnerability by manipulating the URL input to redirect users to malicious sites, leading to phishing scams and credential theft.
Recommendation
To prevent unvalidated redirection attacks, implement a mapping between user input and redirection targets. Utilize whitelists to validate user input for redirection. If validation fails, notify the user before redirection to ensure they are aware of the destination.
References
👉 You might also like:
Open Redirection In URL - CVE-2018-14574
These 7 PHP mistakes leave your website open to the hackers
Better Passive Vulnerability Testing with SmartScanner version 1.7
No Redirection from HTTP to HTTPS - Vulnerability
Last updated on May 13, 2024