Raja

Raja

  • 762
  • 1.9k
  • 191.4k

How to prevent open redirection attacks?

Feb 22 2017 7:49 AM
Observation
 
                  Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:
 
Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com 
 
 
Impact 
 
    By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
 
 Recomendation
 
         Whitelist the redirect URLs and prevent redirection outside parent domain. 
 
 
 i dont know what is the problem is that.and what they saying.
My understading 
if login the application that redirect another un- validated page.
 
How to fix it what is the problem is that 
 
 

Brought to you by:

Answers (4)