Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
As you can see in the official definition, the issue here is redirection. Or, to be precise, the issue is redirection performed in an insecure manner.
The official documentation suggests that the best ways to find out whether an application contains dangerous redirects or forwards are as follows:
The documentation includes a couple of sample attack scenarios, which we can adapt to a .NET environment:
The application has a page called redirect.aspx, which takes a single parameter named url. The attacker crafts a malicious URL that redirects users to a malicious site that performs phishing and installs malware: http://www.example.com/redirect.aspx?url=evil.com
In this case, the problem is that by supplying their own value for the url parameter, the attacker can have the victim redirected to a site of their own choosing, or to any other site.
http://www.example.com/something.aspx?fwd=admin.aspx
Remember that this type of behavior is common in web development.
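The following is an added example, not code from the original text: a hardened version of the redirect.aspx handler described above, plus an allow-list check for the fwd-style forward. The vulnerable form passes the untrusted url parameter straight to Response.Redirect; the hardened form only accepts a same-site path or an https URL whose host is on a list the application controls, and falls back to the start page otherwise. The helper class, page class name, allowed hosts and allowed forward pages are all assumptions constructed for this example.

```csharp
// Added example (not from the original text): validating the url and fwd
// parameters before redirecting or forwarding. SafeRedirect, RedirectPage and
// the allow-lists are hypothetical names and constructed sample values.
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;

public static class SafeRedirect
{
    // Constructed sample: external hosts this application may send users to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "partner.example.org" };

    // Constructed sample: pages that may be reached via the fwd parameter.
    // Administrative pages are deliberately not on this list.
    private static readonly HashSet<string> AllowedForwards =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Default.aspx", "Profile.aspx" };

    // True only for a same-site path such as "/Account/Home.aspx?tab=1".
    // "//evil.com" and "/\evil.com" are rejected because browsers resolve
    // them as absolute URLs pointing at another host.
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;
        if (url[0] != '/') return false;
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\')) return false;
        return true;
    }

    // True for an absolute https URL whose host is on the allow-list.
    // A bare "evil.com" has no scheme, so Uri.TryCreate rejects it here.
    public static bool IsAllowedExternal(string url)
    {
        Uri uri;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;
        return AllowedHosts.Contains(uri.Host);
    }

    // Returns the destination to use: the requested value if it passes one of
    // the checks, otherwise the application's own fallback page.
    public static string Resolve(string requested, string fallback)
    {
        if (IsLocalPath(requested) || IsAllowedExternal(requested)) return requested;
        return fallback;
    }

    // Returns the page to forward to, or null if the requested page is not on
    // the allow-list (the caller then shows an error instead of forwarding).
    public static string ResolveForward(string requested)
    {
        if (string.IsNullOrEmpty(requested)) return null;
        return AllowedForwards.Contains(requested) ? requested : null;
    }
}

// Code-behind for redirect.aspx (hypothetical page class name).
public partial class RedirectPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Vulnerable form, the behaviour described in the scenario above:
        //   Response.Redirect(Request.QueryString["url"]);
        // Hardened form: only a validated destination reaches Response.Redirect.
        string target = SafeRedirect.Resolve(Request.QueryString["url"], "/Default.aspx");
        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }
}

// Code-behind for a page that forwards with a fwd parameter (hypothetical name).
public partial class ForwardPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string page = SafeRedirect.ResolveForward(Request.QueryString["fwd"]);
        if (page == null)
        {
            // Unknown or disallowed page: refuse rather than forward.
            Response.StatusCode = 400;
            Context.ApplicationInstance.CompleteRequest();
            return;
        }
        Server.Transfer("~/" + page);
    }
}
```

With this in place, a request such as redirect.aspx?url=evil.com or redirect.aspx?url=//evil.com lands on /Default.aspx, while redirect.aspx?url=/Profile.aspx behaves as before. Because Server.Transfer runs the target page in the same request without the browser seeing a new URL, URL-based authorization rules are not re-evaluated, which is why the forward check uses a fixed allow-list of page names rather than trusting the parameter.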