Synopsis
Unvalidated DOM redirect
Description
Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: `yoursite.com/#/?redirect=www.yoursite.com/404.asp`
An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL `yoursite.com/#/?redirect=www.anothersite.com` will redirect to `www.anothersite.com`.
Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites.
Scanner has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value.
Solution
The application should ensure that the supplied value for a redirect is permitted. This can be achieved by performing whitelisting on the parameter value.
The whitelist should contain a list of pages or sites that the application is permitted to redirect users to. If the supplied value does not match any value in the whitelist then the server should redirect to a standard error page.
Plugin Details
Scan Template: full, pci, scan
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: Tenable
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVSS Score Source: Tenable