Details | |
---|---|
Alert ID | 10028 |
Alert Type | Passive |
Status | release |
Risk | High |
CWE | 601 |
WASC | 38 |
Technologies Targeted | All |
Tags | CWE-601 OWASP_2017_A01 OWASP_2021_A03 WSTG-V42-CLNT-04 |
More Info | Scan Rule Help |
Summary
Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. An open redirect occurs when an application allows user-supplied input (e.g. https://nottrusted.com) to control an offsite redirect. This is generally a fairly accurate way to find where 301 or 302 redirects could be exploited by spammers or in phishing attacks.
For example an attacker could supply a user with the following link: https://example.com/example.php?url=https://malicious.example.com.
Solution
To avoid the open redirect vulnerability, parameters of the application script/program must be validated before a 302 HTTP (redirect) response is sent to the client browser. Implement safe redirect functionality that only redirects to relative URIs, or to an allowlist of trusted domains.
Other Info
The 301 or 302 response to a request for the following URL appeared to contain user input in the Location header: https://example.com/transact
The user input found was: place=evil.com
The context was: http://evil.com
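An allowlist validator of the kind the Solution section describes, applied to the `/transact?place=` finding above, as an added Python example (not ZAP's own code). The allowlisted hosts and the `transact_redirect_headers` handler are assumptions; the point is the browser-side normalisation a naive host check misses.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this application may redirect to.
TRUSTED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"  # returned whenever the supplied target is rejected


def safe_redirect_target(candidate: str) -> str:
    """Return a Location value that is either a rooted same-site path or an
    http(s) URL whose host is on the allowlist; anything else maps to FALLBACK.
    Browser URL handling is normalised first, because a parser-only check
    misses several forms that browsers still resolve to a foreign host."""
    if not candidate:
        return FALLBACK
    # Browsers strip tab/CR/LF, treat backslash as slash for http(s), and
    # collapse any run of leading slashes into an authority ("///evil.com").
    cleaned = "".join(c for c in candidate if c not in "\t\r\n").strip()
    cleaned = cleaned.replace("\\", "/")
    if cleaned.startswith("//"):
        return FALLBACK  # protocol-relative redirect to an arbitrary host
    parts = urlsplit(cleaned)
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path. A bare "evil.com"
        # would resolve as a same-site path in browsers, but rejecting
        # non-rooted values keeps the accepted set easy to reason about.
        return cleaned if cleaned.startswith("/") else FALLBACK
    # hostname is the real authority: "example.com@evil.com" yields
    # "evil.com", and "example.com.evil.com" fails the exact-match test.
    host = (parts.hostname or "").lower()
    if parts.scheme in ("http", "https") and host in TRUSTED_HOSTS:
        return cleaned
    return FALLBACK  # foreign host, or a non-http scheme such as javascript:


def transact_redirect_headers(query: dict) -> dict:
    """Headers for the page's /transact?place=... example (assumed handler).
    The vulnerable version copies query["place"] straight into Location;
    this one runs it through the validator first."""
    return {"Status": "302 Found",
            "Location": safe_redirect_target(query.get("place", ""))}
```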
References
- https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
- https://cwe.mitre.org/data/definitions/601.html