A10 – Unvalidated redirects and forwards

Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

As you can see in the official definition, the issue here is redirection. Or, to be precise, the issue is redirection performed in an insecure manner: the destination is taken from data the user controls and is never checked.

The official documentation suggests that the best ways to find out whether some software includes unsafe redirects or forwards are as follows:

  • Review the code for any redirection or forwarding (transfer in .NET). Once identified, check whether the target URL is included in any parameter values. ...
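As an added illustration (not code from the book), the check that the review step above leads to, written in C# as a plain console program: the vulnerable pattern passes a raw `returnUrl` parameter straight to `Response.Redirect`, while the validator accepts only same-site paths or an assumed allow-list host (`www.example.com`) and falls back to `/` otherwise.

```csharp
using System;
using System.Collections.Generic;

// Added example (not from the book). Validates a user-supplied redirect target so that
// Response.Redirect / Server.Transfer never receive an attacker-chosen destination.
public static class RedirectValidator
{
    // Assumed allow-list of external hosts this site is permitted to redirect to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.example.com" };

    // True only for a same-site relative path or an http(s) URL on an allowed host.
    public static bool IsSafeRedirect(string target)
    {
        if (string.IsNullOrWhiteSpace(target)) return false;
        // Local path such as "/account/profile". Reject "//host" and "/\host", which
        // browsers interpret as protocol-relative absolute URLs to another site.
        if (target.StartsWith("/"))
            return !target.StartsWith("//") && !target.StartsWith("/\\");

        Uri uri;
        if (!Uri.TryCreate(target, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        // Uri.Host excludes any userinfo, so "http://www.example.com@evil.test/" yields evil.test.
        return AllowedHosts.Contains(uri.Host);
    }

    // Vulnerable form:  Response.Redirect(Request.QueryString["returnUrl"]);
    // Hardened form:    Response.Redirect(SafeTarget(Request.QueryString["returnUrl"]));
    public static string SafeTarget(string target, string fallback = "/")
    {
        return IsSafeRedirect(target) ? target : fallback;
    }

    public static void Main()
    {
        // Constructed sample inputs: the first two are legitimate, the rest are typical abuse forms.
        string[] samples =
        {
            "/account/profile",
            "https://www.example.com/docs",
            "//evil.test/login",
            "/\\evil.test",
            "https://evil.test/phish",
            "javascript:alert(1)"
        };
        foreach (var s in samples)
            Console.WriteLine("{0,-35} -> {1}", s, SafeTarget(s));
    }
}
```

In ASP.NET MVC the framework's own `Url.IsLocalUrl` helper performs the local-path part of this check; the allow-list of external hosts is something the application has to supply itself.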
