Unvalidated Redirects and Forwards
Monday, July 9, 2012
Redirection is a common process in web applications. Most of the time it is used while logging a user in or out. But an unvalidated redirect can cause big trouble and can help attackers exploit the site.
Unvalidated URL redirection and forwarding can be found in many places on a website, so a web master must check the website at each redirection.
What are Unvalidated Redirects and Forwards?
If a website has a few places where it forwards or redirects users to other pages, this redirection can be abused to send users to malicious websites that can harm them. It can also be used to steal users' login credentials.
Simple websites may not see this as harmful, but popular websites, and especially online shopping portals, must take care of it, because it can really affect their business and ruin their name.
Suppose there is a shopping website which redirects users to the search page when they search from the search box.
The URL looks like this:
http://www.onlineshop.com/search?q=galaxy&type=search&cat=phone&url=search.php
Here we can see the search page, search.php, and that the user is being redirected to that page via the url query parameter.
If this redirection is not validated properly, an attacker can exploit it like this:
http://www.onlineshop.com/search?q=galaxy&type=search&cat=phone&url=http://www.attacker.com
If a user clicks on this link, he will be redirected to http://www.attacker.com, which can be a fake website or a phishing website.
This attack is not complicated: the attacker only needs to find a place where the site redirects. If he finds such a link, he will try to exploit it by changing the redirection URL.
How to protect a website? If you want to protect your website from this attack, you must follow these steps in the same order.
- Avoid redirects and forwards within the website.
- Avoid redirects and forwards to other domains.
- Do not take the redirection target from the user.
- Use a white list of allowed URLs or a black list of disallowed URLs.
- Use URL mapping if the user is allowed to select the destination.
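The last two steps applied to the shop's url parameter, as an added example (not code from the original post): a white-list check that resolves the value against the site and only accepts the shop's own host, and a URL-mapping lookup where the user sends a key instead of a URL. The host name, map keys and default target are assumptions.

```python
from urllib.parse import urljoin, urlparse

# Constructed values for this example (assumptions, not from the post).
SITE_BASE = "https://www.onlineshop.com/"
TRUSTED_HOSTS = {"www.onlineshop.com"}   # exact netloc: no port, no user@
DEFAULT_TARGET = "/"
# URL mapping: the client sends a key, the server picks the destination.
REDIRECT_MAP = {"search": "/search.php", "account": "/account.php"}


def is_safe_redirect(target: str) -> bool:
    """White-list check: True only if the target stays on a trusted host.

    Resolving the value against SITE_BASE turns '/search.php' into a full
    URL on our host, while scheme-relative ('//www.attacker.com'),
    absolute foreign URLs, look-alike hosts (www.onlineshop.com.attacker.com)
    and user@host tricks all end up with a netloc that is not trusted.
    """
    target = (target or "").strip()
    if not target:
        return False
    # Browsers treat '\' like '/' in paths, so '/\evil.com' would become
    # '//evil.com'; reject backslashes outright.
    if "\\" in target:
        return False
    parsed = urlparse(urljoin(SITE_BASE, target))
    if parsed.scheme not in ("http", "https"):
        return False        # blocks javascript:, data:, etc.
    return parsed.netloc.lower() in TRUSTED_HOSTS


def safe_redirect_target(url_param: str) -> str:
    """Return the requested URL if it passes the white list, else the default."""
    return url_param if is_safe_redirect(url_param) else DEFAULT_TARGET


def mapped_redirect_target(key: str) -> str:
    """URL mapping: unknown keys fall back to the default instead of erroring."""
    return REDIRECT_MAP.get(key, DEFAULT_TARGET)
```

With the mapping approach the link becomes search?q=galaxy&to=search, so there is no URL in the request for an attacker to rewrite.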