为什么要打开重定向 URL? [英] Why Open Redirect URLS?
问题描述
我一直在浏览 OWASP 前 10 名,以更深入地了解每种特定类型的漏洞.我已经完成了最后一项,未验证的 URL 重定向.我理解攻击;现在我已经在 OWASP 中读到了这样的网络钓鱼计划,这似乎完全是显而易见的.我很难理解的是,为什么这种重定向方式首先会发生.
I've been going through the OWASP top 10 to get a deeper understanding of each specific type of vulnerability. I've made my way to the last item, Unvalidated URL Redirects. I understand the attack; such a phishing scheme seems completely obviously now that I have read about it in OWASP. What I am struggling to understand is why this style of redirecting ever occurs in the first place.
将重定向 URL 作为参数包含在 URL 中肯定有一些优势
There must be some advantage(s) to including the redirect URL as a parameter in the URL
即 example.com/go.php?url=newpage.php
而不是使用许多其他可能的重定向方案.即使url参数是动态生成的,难道还不能通过POST发送来防止恶意URL的创建吗?为什么 Google 允许任何人发送手气不错"的重定向网址,例如
rather than using many of the other possible redirect schemes. Even if the url parameter is generated dynamically, couldn't it still be sent through POST to prevent the creation of malicious URLS? Why does Google allow anyone to send "I'm Feeling Lucky" redirect urls like this one that goes to Stack Overflow?
推荐答案
这个问题现在有点老了,但我会尽力为你解答,以防你仍然好奇,或者忘记了完全地.:)
This question is a bit old now, but I'll have a go at answering it for you anyway in case you're still curious, or forgot about it completely. :)
这是我能想到的添加重定向参数的两个最常见的用例:
Here are the two most common use cases for adding redirect parameters that I can think of:
作为一种在用户离开网站时监控或警告用户的方式.在想要跟踪趋势和用户流量的网站上,例如带有 URL 缩短器的 Twitter 或带有搜索跟踪的 Google,这可用于找出用户下一步要去哪里.网站也可能会仔细检查 URL 并首先检查它是否安全,或者只是向用户展示一个离开页面",警告他们他们将离开域.
As a way of monitoring or warning users when they are leaving the site. On websites that want to track trends and user traffic, like Twitter with its URL shorteners, or Google with search tracking, this can be used to find out where users are going next. Websites might also scrutinize the URL and check to see if it's safe first, or just present the user with a 'leaving page' that warns them that they're leaving the domain.
在用户被转移之前记住他们的意图.例如,用户可能试图直接进入他们的帐户页面,但他们需要先被重定向到登录页面才能登录.成功后,用户将被引导回他们最初尝试访问的页面,而不是默认页面,从而有助于连续性.
To remember what a user's intention was before they were necessarily diverted. For instance, a user might have tried to go directly to their account page, but they need to be redirected to the login page to sign in first. Once this is successful, the user is directed back to the page they were originally trying to access, rather than a default page, aiding continuity.
在第二种情况下,预期的 URL 确实可以作为隐藏参数或 cookie 传递.然而,这两种技术仍然可能像 OWASP 所识别的那样容易受到滥用......除了可能将 URL 作为会话变量存储在服务器端.
In the second case, the intended URL could indeed be passed as a hidden parameter, or as a cookie. However, both of these techniques could still be vulnerable to abuse in the same way as OWASP identifies... except possibly where the URL is stored as a session variable on the server side.
这篇关于为什么要打开重定向 URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
