Unvalidated Redirects and Forwards

Unvalidated Redirects and Forward Vulnerability, also sometimes referred to as URL Redirection Vulnerability, is a type of bugs found in the Web Application. In this type of vulnerability, the attacker uses to manipulate the URL and send it to the victim. As soon as the victim opens the URL, the website redirects it to a malicious website or website to which the attacker wants the user to get redirected. The attacker generally uses to exploit this type of Vulnerability with the help of manual manipulation in the URL or with the help of several tools like Burpsuite, which gives an attacker several types of way due to which he can manipulate the URL to get Redirected.

How URL Redirection works ?

First of all, we need to get a brief idea about the HTTP Response Codes. So here are the response codes:

  • 1×× Informational
  • 2×× Success
  • 3×× Redirection
  • 4×× Client Error
  • 5×× Server Error

The above HTTP Status code tells us about the response that we receive from a website. So for URL redirection, generally, 3xx Codes are redirection codes that say to the user that this URL is going to get redirected to some other page. The attacker takes advantage of this and tries to inject their payloads or manipulate the URL to send the victim to their malicious website. Below is the screenshot of the Burpsuite via which an attacker can add filters and can find out specific URLs having 3xx codes.

The above image is only showing those URL’s which have 3xx code. Now we have to check the specific parameters in the URL, for example (dest, redirect, uri, path, continue, url, navigation), etc. The URL would be somewhat like this https://www.xyz.com/continue=www.xyz.com/abc. So the attacker removes the entire URL after “Continue” and adds his phishing page URL, which might be as an exact copy of the original webpage.

Step by Step Working of Attack –

  1. Attacker Intercept the request of URL in Burpsuite.
  2. Send the request to Spider.
  3. Check for the parameters & when found, send the request to repeater tab.
  4. Attacker Choose the target location, where to apply your payload.
  5. Start attack.

By following the above steps, an attacker will get the list of particular URLs where the website is successfully redirected.

Impact’s of the Attack –

  • Attacks like CSRF can be chained via this bug
  • XSS (Cross Site Scripting) can be exploited in this case
  • Theft of confedential Information
  • User can be tricked on a phishing page and can be exploited in several ways.

Remediations of Unvalidated Redirects & Forwards Vulnerability –

  • Remove redirection functions from the Web Application & replace with direct links
  • A server side list should be mainted for all the particluar URLs that are needed to be redirected
  • Proper Validation in the URL those are redirecting must be integrated at backend
  • Absolute URLs must be used in the Web Applications for all the specific redirects.
My Personal Notes arrow_drop_up

Check out this Author's contributed articles.

If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to contribute@geeksforgeeks.org. See your article appearing on the GeeksforGeeks main page and help other Geeks.

Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.