CGI Generic Open Redirection
Medium Nessus Plugin ID 47834
Synopsis
A web application is potentially vulnerable to uncontrolled redirection.
Description
By providing specially crafted parameters to CGIs, Nessus was able to redirect to a third-party website.
As redirections are commonly used, it is possible that users will be unaware that something abnormal is happening.
This kind of attack can be used to steal confidential data, typically credentials (phishing).
Solution
Modify the relevant CGIs so that they properly escape arguments.
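
One way a CGI can constrain a redirect parameter before it reaches the Location header, shown as an added example that is not part of the plugin text or of any Nessus code. The names `ALLOWED_HOSTS`, `DEFAULT_TARGET`, `safe_redirect_target` and `location_header` are hypothetical, and the host value is constructed.

```python
from urllib.parse import urlsplit

# Assumptions (constructed for this example): the hosts the application may
# redirect to, and the fallback used when a requested target is rejected.
ALLOWED_HOSTS = frozenset({"app.example.test"})
DEFAULT_TARGET = "/"


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a same-site path or an allowlisted https URL, else default."""
    if not raw:
        return default
    # Whitespace and control characters enable header splitting and are
    # stripped by browsers before URL parsing, so the server would see a
    # different URL than the client follows.
    if any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in raw):
        return default
    # Browsers treat "\" as "/" in http(s) URLs: "/\host" acts like "//host".
    if "\\" in raw:
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this site.
        # A leading "//" is a scheme-relative URL pointing at another host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    # Absolute URL: https only, exact host match, no userinfo ("user@host").
    if (parts.scheme == "https" and parts.username is None
            and parts.hostname in allowed_hosts):
        return raw
    return default


def location_header(raw):
    """Build the header line a CGI would emit for the requested target."""
    return "Location: " + safe_redirect_target(raw)
```

Rejected targets fall back to the default path rather than producing an error, so a tampered link still lands the user on the application itself.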