Description
An HTTP redirection (3XX status code) typically does not include a body. However, if a body is present in the redirection response, it indicates that code execution continues after the redirection. This can lead to information leakage or expose access to sensitive functionalities. For instance, an improperly implemented redirection may reveal admin page contents to unauthorized users, compromising security.
Recommendation
To mitigate this risk:
- Ensure that code execution halts after redirection.
- In PHP, use
exit()ordie()after redirection. - In ASP.NET, use
Response.Redirect("redirected-page.aspx", false)to redirect users without continuing code execution.
References
Related Issues
- Private IPv6 Address Disclosure - Vulnerability
- Robots.txt Found - Vulnerability
- Sensitive Old/Backup Resource Found - Vulnerability
- Sensitive Unreferenced Resource Found - Vulnerability
You might also like:
- Tags:
- Information Disclosure
Anything's wrong? Let us know Last updated on May 13, 2024


