Description
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link to generate a redirect.
Recommendations
Always validate user-supplied input to ensure that it conforms to the expected format, using centralized data validation routines when possible. Check the supplied URL against a whitelist of approved URLs or domains before redirecting.
For more detail, see CWE-601: URL Redirection to Untrusted Site ('Open Redirect').
Issue Code
url = "/myapp/" + reqNo + "/view"; // reqNo is taken unvalidated from the request URL
((HttpServletResponse) response).sendRedirect(url);
Fixed Code
import org.owasp.esapi.reference.DefaultHTTPUtilities;

DefaultHTTPUtilities utilities = new DefaultHTTPUtilities();
url = "/myapp/" + reqNo + "/view";
utilities.sendRedirect(url); // ESAPI validates the redirect location before sending it
Explanation
In the example above, the "reqNo" value present in the URL is used to build the redirect target. Because that value can be anything, the request can be redirected to an arbitrary location, which is an open redirect vulnerability. Using ESAPI's sendRedirect, which validates the redirect location before sending it, avoids this.
If the URL exceeds 500 characters, an exception is thrown.
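The recommendation above (validate the input format and check the target against an allowlist) can also be applied without ESAPI. The following is an added example, not code from the original post; the class name RedirectGuard, the REQ_NO pattern, the ALLOWED_HOSTS set and its sample host are assumptions, and the Servlet API is assumed to be on the classpath as in the page's own snippet.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;

// Added example (not from the original post): allowlist-based redirect validation without ESAPI.
public final class RedirectGuard {
    // reqNo is the only user-controlled part of the page's URL; constrain it to a strict format.
    private static final Pattern REQ_NO = Pattern.compile("^[0-9]{1,10}$");
    // Hosts an absolute target may point to (constructed sample value).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    /** True only for a site-relative path or an https URL on an allowlisted host. */
    static boolean isSafeRedirectTarget(String target) {
        if (target == null || target.isEmpty()) return false;
        // Protocol-relative ("//host") and backslash variants are treated as external and refused.
        if (target.startsWith("//") || target.startsWith("/\\") || target.startsWith("\\")) return false;
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false; // unparsable input is never a valid redirect target
        }
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            return target.startsWith("/"); // relative path within this application
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) return false;
        String host = uri.getHost(); // getHost() ignores any user-info before '@'
        return host != null && ALLOWED_HOSTS.contains(host.toLowerCase());
    }

    /** Builds the view URL from the page's example and redirects only if both checks pass. */
    static void redirectToView(HttpServletResponse response, String reqNo) throws IOException {
        if (reqNo == null || !REQ_NO.matcher(reqNo).matches()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST); // malformed request number
            return;
        }
        String url = "/myapp/" + reqNo + "/view";
        if (!isSafeRedirectTarget(url)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        response.sendRedirect(url);
    }
}
```

With these checks, "/myapp/123/view" and "https://app.example.com/x" are accepted, while "//evil.example/x", "javascript:..." and "https://app.example.com@evil.example/" are rejected.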
Did you get any solution to this??
How to fix without using ESAPI?