What are Unvalidated Redirects and Forwards Vulnerability?

When a web application accepts untrusted input, the web application may redirect the request to a URL included inside the untrusted input. An attacker can successfully conduct a phishing scheme and steal user credentials by changing untrusted URL input to a malicious site.

Because the server name in the changed URL is the same as the original site’s, phishing efforts may look more trustworthy. Unvalidated redirect and forward attacks may also be used to maliciously design a URL that passes the application’s access control check and then redirect the attacker to privileged functionality that they would not ordinarily be allowed to access.

Redirections to Safe URLs

When we wish to automatically redirect a user to another page (without the visitor doing any action, such as clicking on a hyperlink), we may use the following code:

Java

response.sendRedirect("http://www.mysite.com");

PHP

<?php
/* Redirect browser */
header("Location: http://www.mysite.com");
/* Exit to prevent the rest of the code from executing */
exit;
?>

ASP .NET

Response.Redirect("~/folder/Login.aspx")

Rails

redirect_to login_path

In the above cases, the URL is explicitly specified in the code and so cannot be altered by an attacker.

Preventing Unvalidated Redirects and Forwards

There are several methods to use redirects and forwards safely:

Simply prevent from utilizing redirects and forwards.
Allowing the URL as user input for the destination is not permitted if it is utilized.
Allow the user to supply a short name, ID, or token that is mapped server-side to the complete destination URL wherever feasible.
- This gives the greatest level of security against an attack that tampers with the URL.
- Take care not to add an enumeration vulnerability, in which a user might cycle through IDs to identify all potential redirect targets.

If user input is unavoidable, make certain that the value given is accurate, acceptable for the app, and approved for the user.
Create a list of trustworthy URLs to sanitize input (lists of hosts or a regex).
- Instead of a block list, this should be built on an allow-list approach.
All redirects must first travel via a page telling users that they are leaving your site, with the destination clearly stated, and require them to click a link to confirm.

ZOFixer.com security scan helps to find this vulnerability in your web application, you can easily use it by registering on our website and activating the 30-day trial.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Redirections to Safe URLs

Preventing Unvalidated Redirects and Forwards

Related Posts

Leave a Comment Cancel Reply