Unvalidated Redirects and Forwards Vulnerability, also referred to as URL Redirection Vulnerability (commonly called an open redirect), is a type of bug found in web applications. In this type of vulnerability, the attacker manipulates a URL and sends it to the victim. As soon as the victim opens the URL, the website redirects them to a malicious website, or to whatever site the attacker wants the user to land on. The attacker generally exploits this vulnerability by manually manipulating the URL or with the help of tools like Burp Suite, which give the attacker several ways to manipulate the URL and trigger the redirect.
How does URL Redirection work?
First of all, we need a brief idea of the HTTP response status codes. The classes are:
- 1xx Informational
- 2xx Success
- 3xx Redirection
- 4xx Client Error
- 5xx Server Error
The HTTP status code tells us what kind of response we received from a website. For URL redirection, the 3xx codes are the redirection codes: they tell the user agent that this URL is going to be redirected to some other page. The attacker takes advantage of this and tries to inject payloads or manipulate the URL so that the victim is sent to a malicious website. Below is a screenshot of Burp Suite, in which an attacker can add filters to find the specific URLs that return 3xx codes.
The above image shows only those URLs which have a 3xx code. Next we check for specific parameters in the URL, for example dest, redirect, uri, path, continue, url, navigation, etc. The URL would look somewhat like this:
https://www.xyz.com/continue=www.xyz.com/abc
The attacker removes the entire value after "continue=" and adds the URL of a phishing page, which may be an exact copy of the original web page.
Step by Step Working of the Attack –
- The attacker intercepts the request for the URL in Burp Suite.
- Sends the request to Spider.
- Checks for the parameters and, when found, sends the request to the Repeater tab.
- The attacker chooses the target location where the payload is to be applied.
- Starts the attack.
By following the above steps, an attacker obtains the list of particular URLs where the website successfully redirects.
Impacts of the Attack –
- Attacks like CSRF can be chained via this bug.
- XSS (Cross-Site Scripting) can be exploited in this case.
- Theft of confidential information.
- Users can be tricked onto a phishing page and exploited in several ways.
Remediations for Unvalidated Redirects & Forwards Vulnerability –
- Remove redirection functions from the web application and replace them with direct links.
- Maintain a server-side list (allowlist) of all the particular URLs to which redirection is needed.
- Proper validation of the URLs being redirected to must be integrated at the backend.
- Absolute URLs must be used in the web application for all the specific redirects.
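The following Python code is an added example, not code from the article; it puts the parameter check described earlier (values of dest, redirect, continue, url and similar parameters) and the remediation list above into working form. It assumes www.xyz.com (the article's placeholder host) as the only allowed redirect host, assumes a small set of redirect-style parameter names that extends the article's list with a few equally common ones, and uses a constructed server-side table of named redirects and a constructed set of request URLs. It shows the vulnerable "use the parameter verbatim" pattern next to a hardened validator that handles the usual bypass shapes (protocol-relative `//host`, backslashes, `user@host` confusion, non-web schemes), a key-based allowlist, and a triage helper that runs the validator over logged request URLs.

```python
from urllib.parse import urlsplit, parse_qs

# Hostnames this application may redirect to (constructed allowlist; www.xyz.com is
# the placeholder host used in the article's example URL).
ALLOWED_HOSTS = {"www.xyz.com"}
DEFAULT_LANDING = "/"

# Query parameter names that commonly carry a redirect target: the article's list
# plus a few equally common names (assumed, not exhaustive).
REDIRECT_PARAMS = {"dest", "redirect", "uri", "path", "continue", "url",
                   "navigation", "next", "return", "returnurl"}

# Server-side table of named redirects (remediation: keep the real targets on the
# server as absolute URLs and let the client choose only a key). Constructed values.
NAMED_REDIRECTS = {
    "account": "https://www.xyz.com/account",
    "help": "https://www.xyz.com/help",
}


def vulnerable_redirect_target(query_value):
    """The pattern the article warns about: the parameter value is used verbatim."""
    return query_value


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if target stays on an allowed host or is a local absolute path."""
    if not target or any(ord(c) < 0x21 for c in target):
        # Empty, or contains control characters / whitespace that parsers may strip.
        return False
    # Browsers treat a backslash like a slash, so "/\evil.example" means "//evil.example".
    target = target.replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:
        # Malformed authority (e.g. unbalanced IPv6 brackets): refuse rather than guess.
        return False
    if parts.scheme:
        # Only web schemes; rejects javascript:, data:, and "https:evil.example" (no host).
        return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts
    if parts.netloc:
        # Protocol-relative "//evil.example": keep it only for an allowed host.
        return parts.hostname in allowed_hosts
    # No scheme and no authority: accept only an absolute local path. A value that
    # starts with two or more slashes is rejected because browsers read it as a host.
    return target.startswith("/") and not target.startswith("//")


def safe_redirect_target(query_value, allowed_hosts=ALLOWED_HOSTS, fallback=DEFAULT_LANDING):
    """Hardened replacement: validate the parameter, otherwise fall back to a fixed page."""
    return query_value if is_safe_redirect(query_value, allowed_hosts) else fallback


def resolve_named_redirect(key, fallback=DEFAULT_LANDING):
    """Allowlist-by-key variant: the client may only pick an entry from the server-side table."""
    return NAMED_REDIRECTS.get(key, fallback)


def find_unsafe_redirect_params(urls, allowed_hosts=ALLOWED_HOSTS):
    """Triage helper: flag requests whose redirect-style parameter would fail validation."""
    findings = []
    for url in urls:
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for name, values in query.items():
            if name.lower() not in REDIRECT_PARAMS:
                continue
            for value in values:
                if not is_safe_redirect(value, allowed_hosts):
                    findings.append((url, name, value))
    return findings


# Constructed sample of request URLs, as one might pull from an access log or proxy history.
SAMPLE_REQUESTS = [
    "https://www.xyz.com/login?continue=https://www.xyz.com/abc",           # fine: allowed host
    "https://www.xyz.com/login?continue=https://evil.example/phish",        # off-site absolute URL
    "https://www.xyz.com/login?continue=//evil.example",                    # protocol-relative
    "https://www.xyz.com/login?continue=/\\evil.example",                   # backslash trick
    "https://www.xyz.com/login?continue=https://www.xyz.com@evil.example",  # userinfo trick
    "https://www.xyz.com/login?continue=/account",                          # fine: local path
    "https://www.xyz.com/search?q=continue",                                # not a redirect parameter
]

if __name__ == "__main__":
    for url, name, value in find_unsafe_redirect_params(SAMPLE_REQUESTS):
        print(f"unsafe {name}={value!r} in {url}")
```

The validator is deliberately an allowlist: anything that is not an absolute local path or an explicit http/https URL on a known host is rejected and replaced by a fixed landing page, which is why a value like `www.xyz.com/abc` (no scheme, no leading slash) is also refused rather than interpreted. Substring checks such as "contains www.xyz.com" are what the `user@host` and `www.xyz.com.evil.example` shapes are designed to slip past, so the check is always made on the parsed hostname. The key-based table is the strongest of the remediations listed: the client never supplies a URL at all.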