Open Redirect

Type: Passive Scan

Description

Open redirects are one of the OWASP 2010 Top Ten vulnerabilities. This check looks at user-supplied input in query string parameters and POST data to identify where open redirects might be possible. Open redirects occur when an application allows user-supplied input (e.g. http://nottrusted.com) to control an offsite redirect. This is generally a pretty accurate way to find where 301 or 302 redirects could be exploited by spammers or phishing attacks.

For example an attacker could supply a user with the following link: http://example.com/example.php?url=http://malicious.example.com.

Solution

To avoid the open redirect vulnerability, parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser. Implement safe redirect functionality that only redirects to relative URI's, or a list of trusted domains

References

• https://www.owasp.org/index.php/Open_redirect
• https://owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
• https://cwe.mitre.org/data/definitions/601.html

Code

• org/zaproxy/zap/extension/pscanrulesBeta/UserControlledOpenRedirectScanner.java

Last updated: 2020-04-30 16:12:39.623Z