如何防止开放重定向攻击? [英] How to prevent open redirection attacks?
本文介绍了如何防止开放重定向攻击?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
Observation
Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:
Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com
Impact
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Recomendation
Whitelist the redirect URLs and prevent redirection outside parent domain.
i dont know what is the problem is that.and what they saying.
我的尝试:
What I have tried:
My understading is
if login the application that redirect another un- validated page.
How to fix it what is the problem is that
推荐答案
对开放重定向有一个很好的解释您可以采取的攻击和步骤来避免它们此处 [ ^ ]。如果我是你,我会尝试那里列出的技术。
There's a pretty good explanation of open redirection attacks and steps you can take to avoid them here[^]. If I were you, I would try out the techniques listed there.
这篇关于如何防止开放重定向攻击?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文