HTML Form found in redirect page

Description
  • Manual confirmation is required for this alert.

    An HTML form was found in the response body of this page. However, the page redirects the visitor to another URL by returning an HTTP status code of 301/302, so a normal browser user never sees the contents of this page and cannot interact with the form.

    Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:

        <?php
        if (!isset($_SESSION["authenticated"])) {
            header("Location: auth.php");
        }
        ?>
        <title>Administration page</title>
        <form action="/admin/action" method="post">
          <!-- ... form inputs ... -->
        </form>
        <!-- ... the rest of the administration page ... -->

    This script is incorrect because execution does not stop after the header("Location: auth.php"); line. header() only queues the Location header; PHP keeps running and renders the rest of the administration page into the body of the 302 response. An attacker can read that content, including the form, with any HTTP client that does not follow redirects (such as HTTP Editor, curl without -L, or an intercepting proxy). This creates an authentication bypass vulnerability.

    The correct code terminates the script immediately after the redirect:

        <?php
        if (!isset($_SESSION["authenticated"])) {
            header("Location: auth.php");
            exit();
        }
        ?>
        <title>Administration page</title>
        <form action="/admin/action" method="post">
          <!-- ... form inputs ... -->
        </form>
        <!-- ... the rest of the administration page ... -->
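    The manual confirmation this alert asks for amounts to fetching the page without following redirects and looking for a form in the 3xx body. The following Python script is an added example, not part of the original alert text or of any scanner's code: it parses a raw HTTP response, reports any form found in a redirect response, and includes a urllib opener that refuses to follow redirects for use against a live target. The two sample responses are constructed inline to mirror the vulnerable and fixed PHP above; the hostname in the usage note is hypothetical.

```python
import urllib.error
import urllib.request
from html.parser import HTMLParser

# Status codes whose body a browser discards while it follows the Location header.
REDIRECT_CODES = {301, 302, 303, 307, 308}


class _FormCollector(HTMLParser):
    """Collect (action, method) for every <form> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            a = {k.lower(): (v or "") for k, v in attrs}
            self.forms.append((a.get("action", ""), a.get("method", "get").lower() or "get"))


def parse_raw_response(raw):
    """Split a raw HTTP/1.x response text into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])          # "HTTP/1.1 302 Found" -> 302
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def forms_in_redirect(status, body):
    """Return forms found in the body of a redirect response; [] for non-3xx or clean bodies."""
    if status not in REDIRECT_CODES:
        return []
    collector = _FormCollector()
    collector.feed(body)
    return collector.forms


def check_raw_response(raw):
    """Convenience wrapper: findings for one raw response, as a list of (action, method)."""
    status, _, body = parse_raw_response(raw)
    return forms_in_redirect(status, body)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect so the 3xx response itself surfaces as an HTTPError."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_without_redirect(url):
    """Fetch url and return (status, body) of the first response, never following Location."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # raised for the refused 3xx as well as 4xx/5xx
        return err.code, err.read().decode("utf-8", "replace")


# Constructed sample responses (not captured traffic): the unterminated script leaks the
# admin page into the 302 body; the fixed script sends an empty redirect.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: auth.php\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<title>Administration page</title>\n"
    '<form action="/admin/action" method="post">\n'
    '  <input name="new_password" type="password">\n'
    "</form>\n"
)
FIXED_RESPONSE = "HTTP/1.1 302 Found\r\nLocation: auth.php\r\n\r\n"


if __name__ == "__main__":
    for label, raw in (("vulnerable", VULNERABLE_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, check_raw_response(raw))
    # Against a live target (hypothetical host), the same check is:
    # status, body = fetch_without_redirect("https://target.example/admin/")
    # print(forms_in_redirect(status, body))
```

    Only a form inside a 3xx body is reported; a form in a 200 response is normal and a redirect with an empty body is the expected fixed behaviour. Any finding still needs a human to confirm that the leaked form actually performs a privileged action.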
Remediation
  • Make sure the script is terminated after redirecting the user to another page: call exit() (or die()) immediately after header("Location: ..."), so that no protected content is written into the redirect response. The endpoint the form submits to should also enforce its own authentication check rather than relying on the redirect alone.
References