Unvalidated Redirects and Forward Vulnerability, also sometimes referred to as URL Redirection Vulnerability, is a type of bugs found in the Web Application. In this type of vulnerability, the attacker uses to manipulate the URL and send it to the victim. As soon as the victim opens the URL, the website redirects it to a malicious website or website to which the attacker wants the user to get redirected. The attacker generally uses to exploit this type of Vulnerability with the help of manual manipulation in the URL or with the help of several tools like Burpsuite, which gives an attacker several types of way due to which he can manipulate the URL to get Redirected.
How URL Redirection works ?
First of all, we need to get a brief idea about the HTTP Response Codes. So here are the response codes:
- 1×× Informational
- 2×× Success
- 3×× Redirection
- 4×× Client Error
- 5×× Server Error
The above HTTP Status code tells us about the response that we receive from a website. So for URL redirection, generally, 3xx Codes are redirection codes that say to the user that this URL is going to get redirected to some other page. The attacker takes advantage of this and tries to inject their payloads or manipulate the URL to send the victim to their malicious website. Below is the screenshot of the Burpsuite via which an attacker can add filters and can find out specific URLs having 3xx codes.
The above image is only showing those URL’s which have 3xx code. Now we have to check the specific parameters in the URL, for example (dest, redirect, uri, path, continue, url, navigation), etc. The URL would be somewhat like this
https://www.xyz.com/continue=www.xyz.com/abc. So the attacker removes the entire URL after “Continue” and adds his phishing page URL, which might be as an exact copy of the original webpage.
Step by Step Working of Attack –
- Attacker Intercept the request of URL in Burpsuite.
- Send the request to Spider.
- Check for the parameters & when found, send the request to repeater tab.
- Attacker Choose the target location, where to apply your payload.
- Start attack.
By following the above steps, an attacker will get the list of particular URLs where the website is successfully redirected.
Impact’s of the Attack –
- Attacks like CSRF can be chained via this bug
- XSS (Cross Site Scripting) can be exploited in this case
- Theft of confedential Information
- User can be tricked on a phishing page and can be exploited in several ways.
Remediations of Unvalidated Redirects & Forwards Vulnerability –
- Remove redirection functions from the Web Application & replace with direct links
- A server side list should be mainted for all the particluar URLs that are needed to be redirected
- Proper Validation in the URL those are redirecting must be integrated at backend
- Absolute URLs must be used in the Web Applications for all the specific redirects.
- How to implement Picture in Picture (PIP) in Android?
- cin get() in C++ with Examples
- Difference between Increment and Decrement Operators
- Simplified International Data Encryption Algorithm (IDEA)
- How to discretize an Ellipse or Circle to a Polygon using C++ Graphics?
- @SafeVarargs Annotation in Java 9 with Example
- Building App For Google Assistant Without Any Coding
- Concept Of Address Split in OS
- Concept behind Multiple Booting Guide
- Formation Of Process from Program
- Finding the Frobenius Norm of a given matrix
- Query to check if a range is made up of consecutive elements
- Problem in comparing Floating point numbers and how to compare them correctly?
- Diamond operator for Anonymous Inner Class with Examples in Java
If you like GeeksforGeeks and would like to contribute, you can also write an article using contribute.geeksforgeeks.org or mail your article to email@example.com. See your article appearing on the GeeksforGeeks main page and help other Geeks.
Please Improve this article if you find anything incorrect by clicking on the "Improve Article" button below.