如何防止开放重定向攻击？ [英] How to prevent open redirection attacks?

问题描述

Observation
            Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:
 
Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com 

Impact 
          By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Recomendation
          Whitelist the redirect URLs and prevent redirection outside parent domain. 

i dont know what is the problem is that.and what they saying.

我的尝试：

What I have tried:

My understading  is
if login the application that redirect another un- validated page.
 
How to fix it what is the problem is that 

推荐答案

对开放重定向有一个很好的解释您可以采取的攻击和步骤来避免它们此处 [ ^ ]。如果我是你，我会尝试那里列出的技术。

There's a pretty good explanation of open redirection attacks and steps you can take to avoid them here[^]. If I were you, I would try out the techniques listed there.

这篇关于如何防止开放重定向攻击？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！