URL redirection: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 12:08, 14 June 2024 edit Alien333 (talk \| contribs) Extended confirmed users 1,143 edits Undid revision 1229021730 by 2600:1006:B118:C882:59E9:C6E7:D0FB:DF91 (talk) Tag: Undo ← Previous edit		Revision as of 13:29, 25 June 2024 edit undo John of Reading (talk \| contribs) Autopatrolled, Extended confirmed users, Pending changes reviewers 749,537 edits m →‎Security issues: Typo fixing, replaced: a arbitrary → an arbitrary (4), an web → a web Tag: AWB Next edit →
(2 intermediate revisions by 2 users not shown)
Line 297: ==Security issues== URL redirection can be abused by attackers to perform [[phishing]] attacks. If a redirect target is not sufficiently validated by ana web application, an attacker can make a web application redirect to aan arbitrary website. This vulnerability is known as an open-redirect vulnerability.<ref name=":0">{{Cite book \|last1=Innocenti \|first1=Tommaso \|last2=Golinelli \|first2=Matteo \|last3=Onarlioglu \|first3=Kaan \|last4=Mirheidari \|first4=Ali \|last5=Crispo \|first5=Bruno \|last6=Kirda \|first6=Engin \|chapter=OAuth 2.0 Redirect URI Validation Falls Short, Literally \|date=2023-12-04 \|title=Annual Computer Security Applications Conference \|chapter-url=https://dl.acm.org/doi/10.1145/3627106.3627140 \|series=ACSAC '23 \|location=New York, NY, USA \|publisher=Association for Computing Machinery \|pages=256–267 \|doi=10.1145/3627106.3627140 \|isbn=979-8-4007-0886-2\|hdl=11572/399070 \|hdl-access=free }}</ref><ref name="Open_Redirect"/> In certain cases when aan open redirect occurs as part of aan [[authentication]] flow, the vulnerability is known as a covert redirect.<ref name="Covert_Redirect" /><ref name="CNET" /> When a covert redirect occurs, the attacker website can steal [[Authentication cookie\|authentication information]] from the victim website.<ref name=":0" /> Open redirect vulnerabilities are fairly common on the web. In June 2022, TechRadar found over 25 active examples of open redirect vulnerabilities on the web, including sites like [[Google]] and [[Instagram]].<ref>{{Cite web \|author1=Mike Williams \|date=2022-06-05 \|title=What is an Open Redirect vulnerability, why is it dangerous and how can you stay safe? \|url=https://www.techradar.com/features/what-is-open-redirect-vulnerability \|access-date=2024-04-08 \|website=TechRadar \|language=en}}</ref> Open redirects have their own CWE identifier, CWE-601.<ref>{{Cite web \|title=CWE - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') (4.14) \|url=https://cwe.mitre.org/data/definitions/601.html \|access-date=2024-04-08 \|website=cwe.mitre.org}}</ref> URL redirection also provides a mechanism to perform [[cross-site leak]] attacks. By timing how long a website took to return a particular page or by differentiating one destination page from another, aan attacker can gain significant information about another website's state. In 2021, Knittel et al. discovered a vulnerability in the Chrome's Performance API implementation which allowed them to reliably detect cross-origin redirects.<ref>{{Cite book \|last1=Knittel \|first1=Lukas \|last2=Mainka \|first2=Christian \|last3=Niemietz \|first3=Marcus \|last4=Noß \|first4=Dominik Trevor \|last5=Schwenk \|first5=Jörg \|chapter=XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers \|date=2021-11-13 \|title=Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security \|chapter-url=https://dl.acm.org/doi/10.1145/3460120.3484739 \|series=CCS '21 \|location=New York, NY, USA \|publisher=Association for Computing Machinery \|pages=1771–1788 \|doi=10.1145/3460120.3484739 \|isbn=978-1-4503-8454-4}}</ref> ==See also==