Unvalidated Redirection

Impact: High

Description

Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. (Source: OWASP)

Recommendation

Map a short, server-side key to the redirect target instead of accepting a raw URL from the client. Alternatively, validate user-supplied targets against a white-list of permitted hosts or paths. If neither is applicable, show the user a confirmation page that names the destination before redirecting.
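The three options above, written out as an added example (not SmartScanner's or OWASP's code): a key-to-URL mapping, a white-list validator for raw URLs, and a decision helper that falls back to a confirmation page. The hosts, paths and keys are constructed for illustration; the validator also rejects the common bypass shapes a white-list check has to handle (protocol-relative `//host`, backslash variants, non-http schemes, embedded credentials, and control characters).

```python
from typing import Optional, Tuple
from urllib.parse import urlparse

FALLBACK = "/"  # where to send the user when input is missing or unsafe

# Option 1: the client sends a short key; the server owns the URL table.
# Constructed table for this example.
REDIRECT_MAP = {
    "home": "/",
    "account": "/account/settings",
    "docs": "https://docs.example.com/start",
}

# Option 2: white-list of hosts an absolute URL may point to (constructed).
ALLOWED_HOSTS = {"www.example.com", "docs.example.com"}


def target_from_key(key: Optional[str]) -> str:
    """Look the key up in the server-side table; unknown keys go to FALLBACK."""
    return REDIRECT_MAP.get(key or "", FALLBACK)


def validate_redirect_url(url: Optional[str]) -> Optional[str]:
    """Return a normalized URL that is safe to redirect to, or None."""
    if not url:
        return None
    # CR/LF/TAB/NUL must never reach a Location header or the parser.
    if any(ord(c) < 0x20 or c == "\x7f" for c in url):
        return None
    # Browsers treat backslashes as forward slashes ("/\evil" == "//evil").
    candidate = url.strip().replace("\\", "/")
    p = urlparse(candidate)

    if p.scheme == "" and p.netloc == "":
        # Same-site path: exactly one leading slash, so "//host" is excluded.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return None

    # Anything with a scheme or authority must be http(s) to a listed host.
    if p.scheme not in ("http", "https"):
        return None  # javascript:, data:, protocol-relative, etc.
    if p.username is not None or p.password is not None:
        return None  # https://www.example.com@evil.example/
    if p.hostname is None or p.hostname not in ALLOWED_HOSTS:
        return None  # includes "https:/evil.example" (no authority)
    return candidate


def decide_redirect(url: Optional[str]) -> Tuple[str, str]:
    """Option 3: ("redirect", target) when safe, ("confirm", url) when the
    target is an off-site http(s) URL the user must acknowledge first."""
    safe = validate_redirect_url(url)
    if safe is not None:
        return ("redirect", safe)
    p = urlparse((url or "").replace("\\", "/"))
    if p.scheme in ("http", "https") and p.hostname:
        # Render an interstitial: "You are leaving to <p.hostname>. Continue?"
        return ("confirm", url)
    return ("redirect", FALLBACK)


if __name__ == "__main__":
    for sample in ["/account", "//evil.example/x", "/\\evil.example",
                   "javascript:alert(1)", "https://docs.example.com/start",
                   "https://www.example.com@evil.example/",
                   "https://evil.example/login"]:
        print(f"{sample!r:45} -> {decide_redirect(sample)}")
```

In a real handler the key form (`?next=docs`) is preferable because the client never supplies a URL at all; the validator is for legacy parameters that already carry one, and the confirmation branch covers the remaining cases without silently sending the user off-site.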

Last updated on February 15, 2021