Sunday, July 6, 2014

A10 Unvalidated Redirects and Forwards

If an application redirects or forwards a user to a destination taken from an unvalidated request parameter, an attacker can choose that destination. Redirects are abused for phishing: the link begins with a trusted domain name, so the victim trusts it, but the application then sends them on to a malicious site. Forwards are abused to reach an internal page the user is not authorized to see, bypassing the application's access control checks.
Impact on Security:
  • Attack on Confidentiality
  • Attack on Integrity
  • Attack on Availability
Detectability  : Easy
Exploitability : Average
Impact         : Moderate

Possible Mitigation:
  1. Avoid using redirects and forwards.
  2. Don’t involve user parameters in calculating the destination.
  3. If destination parameters can’t be avoided, ensure that the supplied value is valid and authorized for the current user. It is recommended that any such destination parameter be a mapping value rather than the actual URL or a portion of it, and that server-side code translate this mapping to the target URL.
  4. Create a whitelist of allowed pages or external sites (blacklists should not be used).
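As an added example (not code from the original post), here is the vulnerable redirect handler beside the two fixes from items 3 and 4, in plain Python with no web framework: each function returns the value that would go into the Location header. The site host, the whitelist, the destination table and the attacker inputs are constructed for illustration. It also shows why the common "only accept paths that start with /" fix is not enough: `//evil.com` starts with `/` but is a scheme-relative URL that leaves the site.

```python
from urllib.parse import urlsplit, urljoin

# Constructed example data (assumptions, not from the original post):
# the host this application is served from and the only external host it
# is allowed to send users to (mitigation 4, a whitelist).
OUR_HOST = "www.example.com"
ALLOWED_EXTERNAL_HOSTS = {"partner.example.org"}
HOME = "https://" + OUR_HOST + "/"

# Mitigation 3: the client carries a short mapping key, never a URL, and
# the server translates it.  Constructed table.
DESTINATIONS = {
    "home": "/",
    "account": "/account/settings",
    "partner": "https://partner.example.org/landing",
}


def vulnerable_target(url_param):
    """Vulnerable: whatever arrived in ?url= becomes the Location header."""
    return url_param


def naive_target(url_param):
    """A common but broken fix: accept only 'relative' paths starting with '/'.
    '//evil.com/x' starts with '/' yet browsers read it as a scheme-relative
    URL and leave the site."""
    return url_param if url_param.startswith("/") else "/"


def target_by_key(key):
    """Mitigation 3: resolve a mapping key server-side; unknown keys go home."""
    return urljoin(HOME, DESTINATIONS.get(key, "/"))


def target_by_whitelist(url_param):
    """Mitigation 4: if a URL must be accepted, normalise it, resolve it
    against our own origin and check scheme and host against the whitelist.
    Always returns an absolute URL, so the browser never picks the host."""
    # Browsers drop tab/CR/LF and treat '\' like '/'; mirror that before
    # parsing so the check sees what the browser will see.  Dropping CR/LF
    # also rules out header injection through Location.
    cleaned = url_param.strip().replace("\\", "/")
    cleaned = cleaned.replace("\t", "").replace("\r", "").replace("\n", "")
    try:
        absolute = urljoin(HOME, cleaned)        # '//evil.com' -> 'https://evil.com'
        parts = urlsplit(absolute)
        host, port = parts.hostname, parts.port  # .port raises on 'https://h:abc/'
    except ValueError:
        return HOME
    if parts.scheme != "https" or parts.username is not None:
        return HOME                              # javascript:, data:, user@host tricks
    if host == OUR_HOST and port in (None, 443):
        return absolute
    if host in ALLOWED_EXTERNAL_HOSTS and port in (None, 443):
        return absolute
    return HOME
```

The whitelist check compares `hostname`, which `urlsplit` lowercases and separates from any `user:pass@` prefix, so `https://www.example.com@evil.com/` is seen as `evil.com` and `https://www.example.com.evil.com/` as a different host; both fall through to the home page. Prefer `target_by_key` where you can: a mapping key has nothing to parse.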
