URL redirection

URL redirection

Published on 2006-07-11. Updated on 2009-04-22.

Description:
This script is possibly vulnerable to URL redirection attacks.

URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting.

Impact:
A remote attacker can redirect users from your website to a specified URL. This problem may assist an attacker to conduct phishing attacks, trojan distribution, spammers.

Recommendation:
Your script should properly sanitize user input.

Tags: Parameter manipulation

Alert Tags: url_redirection
ApplicableApplicationServer : All
ApplicableOS: All
ApplicableWebServer: All

References:

NIST

CRLF injection

HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics

PHP header() CRLF Injection

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking