Learn about the risks of unvalidated redirects & forwards. Find prevention tips and real attack scenarios to safeguard against malicious exploits.
This guide explains the security weakness and risks associated with unvalidated redirects and forwards: how attackers exploit the vulnerability, the impact it can have on businesses and users, the steps that prevent such attacks, and example attack scenarios.
Applications commonly redirect users to other pages, or forward requests internally to other pages within the same application. When the destination of such a redirect or forward is taken from untrusted input and not validated, attackers can use a redirect to send users to a malicious site, or use a forward to reach pages that bypass the application's access-control checks. The result can be malware installation, phishing, or the disclosure of sensitive information. Developers need to be aware of this weakness and take steps to prevent it.
To prevent unvalidated redirects and forwards, developers can follow these recommendations:
1. Avoid using redirects and forwards where possible.
2. Where a redirect or forward is necessary, do not derive the destination from user-supplied parameters.
3. If a destination parameter cannot be avoided, validate the supplied value (for example, against an allowlist of permitted paths or hosts) and check that the current user is authorized to reach that destination.
4. Use mapping values (short keys that the server resolves to a destination) rather than actual URLs or portions of URLs as destination parameters.
5. In Java applications, ESAPI can be used to override the sendRedirect() method so that every redirect destination is checked before the response is sent.
By following these guidelines, developers can reduce the risk of unvalidated redirects and forwards.
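Added example, not code from the original guide or from ESAPI: a Python implementation of recommendations 3 and 4 above, shown beside the vulnerable pattern they replace. The mapping table, the allowed hosts example.com and www.example.com, and the function names are assumptions made for the illustration. It goes a little beyond the guide's text by also rejecting the scheme-relative (//host), backslash and control-character forms that commonly slip past a naive "starts with /" check.

```python
from urllib.parse import urlsplit

# Mapping-value approach (assumed table): the client supplies a short key, never a URL.
REDIRECT_TARGETS = {
    "dashboard": "/account/dashboard",
    "orders": "/account/orders",
    "help": "/support/help",
}
DEFAULT_TARGET = "/"

# Allowlist of external hosts the application may redirect to (assumed; exact match only).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def vulnerable_location(requested):
    """The weakness: whatever arrived in the destination parameter becomes the Location header."""
    return requested


def resolve_mapped_redirect(key):
    """Resolve a mapping key to its destination; unknown keys fall back to the default."""
    return REDIRECT_TARGETS.get(key, DEFAULT_TARGET)


def _has_unsafe_chars(value):
    # Control characters and whitespace enable header injection and parser confusion
    # (urlsplit silently strips tab/CR/LF, so this must run before parsing);
    # backslashes are treated as slashes by some browsers, so refuse them too.
    return any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in value) or "\\" in value


def is_safe_relative_path(target):
    """True only for a same-origin absolute path such as '/account/orders'."""
    if not isinstance(target, str) or not target or _has_unsafe_chars(target):
        return False
    # Exactly one leading '/': '//host' is scheme-relative and leaves the origin.
    if not target.startswith("/") or target.startswith("//"):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def is_allowed_absolute_url(target):
    """True only for an https URL whose hostname is exactly in ALLOWED_HOSTS."""
    if not isinstance(target, str) or _has_unsafe_chars(target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname  # strips userinfo and port; None when absent
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() != "https" or host is None:
        return False
    # Exact membership: 'example.com.evil.net' and 'example.com@evil.net' do not match.
    return host.lower() in ALLOWED_HOSTS


def safe_location(requested):
    """Choose a redirect destination for an untrusted parameter value."""
    if not isinstance(requested, str):
        return DEFAULT_TARGET
    if requested in REDIRECT_TARGETS:
        return REDIRECT_TARGETS[requested]
    if is_safe_relative_path(requested) or is_allowed_absolute_url(requested):
        return requested
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values an attacker might place in ?url=
    for value in ["orders", "/account/orders", "//evil.example/phish",
                  "https://example.com@evil.net/", "https://www.example.com/login"]:
        print(f"{value!r}: vulnerable -> {vulnerable_location(value)!r}, "
              f"hardened -> {safe_location(value)!r}")
```

Only the mapping keys and the two validators decide the destination; everything else falls back to the site root, which is the safest failure mode for a redirect. If the application never needs to redirect off-site, drop is_allowed_absolute_url entirely so that the only reachable destinations are same-origin paths.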
Phishing and Malware Installation: The attacker crafts a URL on the trusted website whose redirect parameter points to an attacker-controlled page. Because the link begins with the trusted domain, users are more likely to click it; the website then redirects them to a phishing site or to a page that installs malware on their devices. This is possible whenever the target website has an unvalidated redirect.
Access Control Bypass: The attacker crafts a URL that passes the application's access control check for the requested page and then causes the application to forward the request to administrative functionality that the attacker is not authorized to use. The check is applied to the originally requested URL rather than to the destination of the forward, so the forward silently skips it. This is possible whenever the target website has an unvalidated forward.
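Added example, not from the original guide: a small Python model of the forward scenario above, showing why authorization must be re-applied to the forwarded destination and not only to the requested URL (recommendation 3 in the prevention list). The paths, roles, handler names and the key-to-destination mapping are assumptions constructed for the illustration.

```python
# Paths that require the admin role (assumed for the illustration).
ADMIN_PATHS = {"/admin/users", "/admin/config"}

# Internal forward targets are referenced by a mapping key, never by a raw path.
FORWARD_TARGETS = {
    "profile": "/account/profile",
    "users": "/admin/users",
}


def is_authorized(user, path):
    """Role check for a destination path; used for direct requests and forwards alike."""
    if path in ADMIN_PATHS:
        return user.get("role") == "admin"
    return user.get("authenticated", False)


def handle_vulnerable(user, path, params):
    """Access control is applied only to the requested path; the forward then
    jumps to an attacker-chosen destination with no second check."""
    if not is_authorized(user, path):
        return 403, None
    fwd = params.get("fwd")
    if fwd is not None:
        return 200, fwd  # forwards to whatever ?fwd= named, unchecked
    return 200, path


def handle_hardened(user, path, params):
    """Destination comes from a mapping key and is authorized like a direct request."""
    if not is_authorized(user, path):
        return 403, None
    key = params.get("fwd")
    if key is None:
        return 200, path
    dest = FORWARD_TARGETS.get(key)
    if dest is None:
        return 400, None  # unknown key: refuse rather than guess
    # Re-apply the same authorization to the destination of the forward.
    if not is_authorized(user, dest):
        return 403, None
    return 200, dest


if __name__ == "__main__":
    # Constructed sample: an ordinary authenticated user probing the forward parameter.
    user = {"authenticated": True, "role": "user"}
    print("vulnerable:", handle_vulnerable(user, "/account/home", {"fwd": "/admin/users"}))
    print("hardened:  ", handle_hardened(user, "/account/home", {"fwd": "users"}))
```

The hardened handler makes two changes: the forward destination can only be one of the mapped targets, and that destination goes through the same is_authorized check a direct request would. Either change alone closes part of the gap; together they remove both the attacker's control of the path and the missing check.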