debian-mirror-gitlab/doc/user/application_security/dast/checks/601.1.md
2022-07-23 20:15:48 +02:00

1.5 KiB

stage group info
Secure Dynamic Analysis To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

URL redirection to untrusted site ('open redirect')

Description

This site was found to allow open redirects from user supplied input. Open redirects are commonly abused in phishing attacks where the original domain or URL looks like a legitimate link, but then redirects a user to a malicious site. An example would be https://example.com/redirect?url=https://%62%61%64%2e%63%6f%6d%2f%66%61%6b%65%6c%6f%67%69%6e which, when decoded turns into bad.com/fakelogin.

Remediation

Never redirect a client based on user input found in a GET request. It is recommended that the list of target links to redirect a user to are contained server side, and retrieved using a numerical value as an index to return the link to be redirected to. For example, /redirect?id=1 would cause the application to look up the 1 index and return a URL such as https://example.com. This URL would then be used to redirect the user, using the 301 response code and Location header.

Details

ID Aggregated CWE Type Risk
601.1 true 601 Passive Low