There is another potential vector to consider when managing redirects: URL shorteners. Sometimes the URL generated by an application or created by a developer is too long or complex to remember; URL shorteners were invented for such cases.
URL shorteners are services where anyone can store a URL, temporarily or permanently, and the service generates a new one. This new URL is shorter than the original and easy to remember. A user can access the resource using this shorter URL, which redirects the user to the original URL.
For example, imagine we have an original URL such as the following:
http://www.testsite.com/redirect?url=http://othersite.com/evil.php
This looks malicious, and a normal user may not want to click on it, even if it is encoded:
http://www.testsite.com/redirect?url=%68%74%74%70%3A%2F%2F%65%76%69%6C%77%65%62%73%69%74%65%2E%63%6F%6D%2F%70%77%6E%7A%2E%70%68%70
It still looks weird, but if we use a shortener, we can get a URL that appears normal:
http://tinyurl.com/36lnj2a
Here are some of the impacts of these kinds of URLs:
- They could carry XSS payloads that neither the user nor even the browser might detect.
- It is possible to disable warning notifications using them.
- It is possible to change paths in the original URL to upload files or extract files.
- They are very difficult to block.
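Because the shortened link itself reveals nothing, the practical defence is on the application side: judge a redirect by where it actually points, after decoding, rather than by how the link looks. The following is an added example (not code from the original text) showing how a redirect endpoint can validate its `url` parameter against a host allowlist, and how the same check can be applied to the hops collected when a shortened link is expanded. The `ALLOWED_HOSTS` set and the sample chain are constructed for illustration; the percent-encoded target is the one quoted above.

```python
"""Added example: validate redirect targets by their decoded destination.

Assumptions (constructed for this example): the application has a
redirect endpoint that takes its destination in a ``url`` parameter, and
only the hosts in ALLOWED_HOSTS are legitimate redirect destinations.
"""
from typing import Iterable, Optional

from urllib.parse import unquote, urlsplit

# Constructed allowlist of hosts the application may redirect to.
ALLOWED_HOSTS = {"www.testsite.com", "testsite.com"}

# The percent-encoded destination quoted in the text; it decodes to
# http://evilwebsite.com/pwnz.php, which is outside the allowlist.
ENCODED_TARGET = (
    "%68%74%74%70%3A%2F%2F%65%76%69%6C%77%65%62%73%69%74%65"
    "%2E%63%6F%6D%2F%70%77%6E%7A%2E%70%68%70"
)

# Constructed Location values, as an expander would collect them when it
# resolves a shortened link hop by hop instead of letting a browser follow it.
SAMPLE_CHAIN = [
    "http://www.testsite.com/redirect?url=" + ENCODED_TARGET,
    "http://evilwebsite.com/pwnz.php",
]


def decode_fully(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing (bounded), so that a
    double- or triple-encoded target is judged on its decoded form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def is_safe_redirect(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Return True only for a same-site relative path or an absolute
    http(s) URL whose host is exactly on the allowlist."""
    decoded = decode_fully(target).strip()
    # Control characters and whitespace inside a URL are never legitimate here.
    if any(ch in decoded for ch in "\r\n\t\x00"):
        return False
    try:
        parts = urlsplit(decoded)
    except ValueError:
        # e.g. malformed IPv6 brackets; treat unparseable input as unsafe.
        return False

    if parts.scheme == "" and parts.netloc == "":
        # Relative path. Reject "//host" (scheme-relative) and "/\host",
        # which browsers normalise to a scheme-relative URL as well.
        return (
            decoded.startswith("/")
            and not decoded.startswith("//")
            and not decoded.startswith("/\\")
        )

    if parts.scheme.lower() not in ("http", "https"):
        return False
    # urlsplit().hostname strips userinfo and the port, so
    # "http://www.testsite.com@other.example/" is judged by "other.example".
    host = (parts.hostname or "").lower()
    return host in {h.lower() for h in allowed_hosts}


def first_external_hop(
    location_headers: Iterable[str], allowed_hosts: Iterable[str] = ALLOWED_HOSTS
) -> Optional[str]:
    """Given the Location values collected while expanding a shortened link,
    return the first hop that leaves the allowlist, or None if all stay inside."""
    for loc in location_headers:
        if not is_safe_redirect(loc, allowed_hosts):
            return loc
    return None


if __name__ == "__main__":
    print("decoded target:", decode_fully(ENCODED_TARGET))
    print("safe?", is_safe_redirect(ENCODED_TARGET))
    print("first external hop:", first_external_hop(SAMPLE_CHAIN))
```

The check matches hosts exactly rather than by suffix, so `www.testsite.com.other.example` is not accepted, and it looks at the parsed hostname rather than the raw string, so userinfo and port tricks do not change the verdict. Applying the same function to each hop of an expanded short link turns the "hard to block" problem into an ordinary allowlist decision on the final destination.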