CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-601
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Description
Many web applications redirect the user to another location. If the redirect target is not properly validated, an attacker can craft a link that sends a victim to an unexpected resource.
Let's take an example. Given a PHP page that contains the following code:
```php
<?php
/**
 * index.php
 */
$redirect_url = $_GET['url'];          // taken straight from the request
header("Location: " . $redirect_url);  // and used as the redirect target
// ...
?>
```
The normal use would be an internal redirection to another page of the same application. However, because the target is taken from the request without any validation, this code lets an attacker use:
http://legitimatesite.com/index.php?url=http://malicioussite.com/
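A hardened version of the same `index.php` (an added example, not code from the wiki page): the redirect target is accepted only if it is a rooted relative path or an absolute `http(s)` URL whose host is on an allow-list. It assumes the application is served from `legitimatesite.com`, the host used in the page's example.

```php
<?php
/**
 * index.php, hardened (added example). Assumes the site is legitimatesite.com.
 */
function safe_redirect_target(string $url, array $allowed_hosts): ?string
{
    // Reject control characters and whitespace: they can split headers or
    // confuse URL parsing (header() refuses CR/LF, but be explicit anyway).
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return null;
    }
    // No scheme and no host: accept only a single-slash-rooted relative path.
    // "//evil.example" is scheme-relative and "/\evil.example" is normalised
    // to "//evil.example" by browsers, so both would escape to another host.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/' || strpbrk($path, '\\') !== false
            || (strlen($path) > 1 && $path[1] === '/')) {
            return null;
        }
        return $url;
    }
    // Absolute URL: require http(s) and an exact match on an allow-listed host
    // (so "legitimatesite.com.evil.example" or "legitimatesite.com@evil.example"
    // are rejected, since parse_url() reports the real host).
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    if (!in_array(strtolower($parts['host'] ?? ''), $allowed_hosts, true)) {
        return null;
    }
    return $url;
}

$target = safe_redirect_target($_GET['url'] ?? '', ['legitimatesite.com']);
if ($target === null) {
    $target = '/';  // fall back to the home page instead of an attacker's site
}
header('Location: ' . $target);
exit;
```

With this in place the request `index.php?url=http://malicioussite.com/` from the page's example redirects to `/`, while `index.php?url=/account` and `index.php?url=https://legitimatesite.com/account` are honoured.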
See also: Remote File Inclusion (RFI)
Risk measurement
Metric | Rating
---|---
Weakness Prevalence | High
Remediation Cost | Medium
Attack Frequency | Sometimes
Consequences | Code execution, Data loss, Denial of service
Ease of Detection | Easy
Attacker Awareness | Medium