Skip to main content

OWASP A10-Unvalidated Redirects and Forwards

Unvalidated Redirects and Forwards
Web applications often redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.
Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to use unauthorized pages.
Sometime, your application may need to redirect to another area by sending a redirect header to the customer in an HTTP response.This method found in applications that divert after an successful  verification.
The redirection will be in the login form or the URL. both of which can be messed with by the client.Such redirects may attempt to install malware or trick victims into revealing passwords or other delicate data. Risky forwards may permit get to control bypass.
Developers can prevent the weakness by approving client input and furthermore confirming the URL being referred to is really an endorsed target URL.
You can use a guide map technique where URLs are mapped to names, for example, landing page, item pages, or stock page. This would keep clients from providing an invalid URL.

How to check for invalidated Redirects and Forwards?

  • Spider the site to see if it generates any redirects (HTTP response codes 300-307, typically 302). Look at the parameters supplied prior to the redirect to see if they seem to be a target URL or a piece of such a URL. If so, change the URL target and see whether the site redirects to the new target.
  • Check the code for all users of redirect or forward (called a move in .NET). For every use, distinguish if the objective URL is incorporated into any parameter values. Provided that this is true, if the objective URL isn’t approved against a white list, you are vulnerable.
  • If code is unavailable, check all parameters to see if they look like part of a redirect or forward URL destination and test those that do.

How to Test?

This vulnerability occurs when an application accepts untrusted input that has an URL value without sanitizing it.
This URL value could cause the web application to redirect the user to another page as, for example, a malicious page controlled by the attacker.
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Since the redirection is originated by the real application, the phishing attempts may have a more trustworthy appearance.
A phishing attack example could be the following:
http://www.testdomain.com?#redirect=www.fake-target.site
If the application uses forwards to route requests between different parts of the site. To facilitate this, some pages use a parameter to indicate where the user should be sent if a transaction is successful.
In this case, the attacker crafts a URL that will pass the application’s access control check and then forwards the attacker to administrative functionality for which the attacker isn’t authorized.
http://www.example.com/boring.jsp?fwd=admin.jsp

Impact on Website

• Lack of End User Trust
• Lack of Credibility
• Malware Installation
• Worm Infections

Common Defences

  • Destination parameters can’t be avoided, ensure that the supplied value is valid, and authorized for the user.
  • Simply avoid using redirects and forwards.
Reference: https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards

Comments

Popular posts from this blog

Digital Marketing Services in noida

Red Securium Company Provide Digital Marketing Service In Noida Strengthen your brand positioning, awareness, revenue objectives and market share with our custom-built digital marketing services to suit their business needs. Get easily accessible to your target audience on mobiles and social networking sites across different platforms. Our cross-functional digital marketing experts offer end-to-end digital marketing solutions that are in step with your business's goals and policies. Our targeted digital marketing campaigns are custom-structured for helping you in strengthening your brand positioning, awareness, revenue objectives and market share. Digital Marketing Services  Digital Marketing Service  Social Network Marketing Service Seo Services Marketing  PPC Marketing Service  Social Media Marketing Sales Generation Services  Mobile Marketing Service  Content Marketing Service Event Marketing Service  Vide...

How To Access Notorious Dark Web Anonymously (10 Step Guide)

Are you trying to find out  how to access the dark web  and what is it? Well, look no further, we have gone and done the research so we could show you step by step the best and safest way how to access the dark net. We cover everything, from setting up Tor, how to choose a VPN , what not to do, finding the best sites to access, and extra steps to remain anonymous. It is extremely easy to access the dark web and even easier to be detected on it if you don’t take precautions. If you are new to the darknet, this guide will help you on your way. According to researchers, only 4% of the internet is visible to the general public. Meaning that the remaining 96% of the internet is made up of “The Deep Web”. Dark Web or Dark Net  is a subset of the  Deep Web  where there are sites that sell drugs, hacking software, counterfeit money and more. We explain this further down the article if you are not up to speed. If you are looking to access hidden marketpl...

Private data of almost 14,200 patients diagnosed with HIV leaked online

  The affected individuals included 14,200 individuals who had been diagnosed with HIV, of which 5,400 individuals were Singaporeans and 8,800 were foreigners. The leaked information included names, identification numbers, phone numbers, addresses, HIV test results, and other related medical information. Private data of almost 14,200 individuals who had been diagnosed with HIV up to January 2013 were leaked online. A US citizen residing in Singapore gained unauthorized access to the HIV registry and leaked the data online . Out of the 14,200 affected individuals, 5400 individuals were Singaporeans and 8,800 were foreigners. The leaked information included names, identification numbers, phone numbers, addresses, HIV test results, and other related medical information. US citizen gained illegal access to the HIV registry On 28, January 2019, Singapore's Ministry of Health confirmed in a  statement , that Mikhy K Farrera Brochez, a US citizen residing in Singapo...