The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws




428   Chapter 12   Attacking Other Users



Finding and Exploiting Redirection Vulnerabilities

The first step in locating redirection vulnerabilities is to identify every instance within the application where a redirect occurs. There are several ways in which an application can cause the user’s browser to redirect to a different URL:

■ An HTTP redirect uses a message with a 3xx status code and a Location header specifying the target of the redirect. For example:

    HTTP/1.1 302 Object moved
    Location: https://wahh-app.com/showDetails.php?uid=19821

■ The HTTP Refresh header can be used to reload a page with an arbitrary URL after a fixed interval, which may be zero to trigger an immediate redirect. For example:

    HTTP/1.1 200 OK
    Refresh: 0; url=https://wahh-app.com/showDetails.php?uid=19821

■ The HTML <meta> tag can be used to replicate the behavior of any HTTP header and can, therefore, be used for redirection. For example:

    HTTP/1.1 200 OK
    Content-Length: 125

    <meta http-equiv="Refresh" content="0;url=https://wahh-app.com/showDetails.php?uid=19821">

■ Various APIs exist within JavaScript that can be used to redirect the browser to an arbitrary URL. For example:

    HTTP/1.1 200 OK
    Content-Length: 120
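The four mechanisms above are what a reviewer has to enumerate before any redirect can be judged safe. The following script is an added example, not code from the book: it parses a raw HTTP response, reports which mechanism it uses (3xx plus Location, Refresh header, meta refresh, or a JavaScript location assignment) and the URL each one sends the browser to, then vets every target against a host allowlist so protocol-relative (`//host`), backslash (`/\host`) and non-HTTP scheme targets are flagged as well. The sample responses, the `wahh-app.com` allowlist and the function names (`find_redirects`, `is_allowed_target`, `audit`) are constructed for this illustration.

```python
"""Enumerate the redirect mechanisms in an HTTP response and vet their targets.

Added example (not from the book). Assumed names: find_redirects,
is_allowed_target, audit; the SAMPLES responses are constructed.
"""
import re
from urllib.parse import urlparse

TARGET = "https://wahh-app.com/showDetails.php?uid=19821"

# Constructed sample responses, one per redirect mechanism plus a control.
SAMPLES = {
    "http_302": f"HTTP/1.1 302 Object moved\r\nLocation: {TARGET}\r\n\r\n",
    "refresh_header": f"HTTP/1.1 200 OK\r\nRefresh: 0; url={TARGET}\r\n\r\n<html></html>",
    "meta_refresh": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        f'<html><head><meta http-equiv="Refresh" content="0;url={TARGET}"></head></html>'
    ),
    "js_location": (
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        f"<html><script>window.location.href = '{TARGET}';</script></html>"
    ),
    "none": "HTTP/1.1 200 OK\r\n\r\n<html>hello</html>",
}

HEADER_SPLIT = re.compile(r"\r?\n\r?\n")
STATUS_CODE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")
# "0; url=..." as used by both the Refresh header and <meta http-equiv="Refresh">
REFRESH_VALUE = re.compile(r"^\s*\d+\s*;\s*url\s*=\s*['\"]?([^'\"\s]+)", re.I)
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
ATTR = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
# location = '...', location.href = '...', location.assign('...'), location.replace('...')
JS_LOCATION = re.compile(
    r"""\blocation(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
    r"""|\blocation\.(?:assign|replace)\(\s*['"]([^'"]+)['"]""",
    re.I,
)


def parse_response(raw):
    """Split a raw response into (status line, lowercase header dict, body)."""
    parts = HEADER_SPLIT.split(raw, 1)
    head, body = parts[0], (parts[1] if len(parts) > 1 else "")
    lines = head.splitlines()
    status = lines[0] if lines else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return status, headers, body


def find_redirects(raw):
    """Return [(mechanism, target_url)] for every redirect the response carries."""
    status, headers, body = parse_response(raw)
    found = []
    code = STATUS_CODE.match(status)
    if code and code.group(1).startswith("3") and "location" in headers:
        found.append(("Location header", headers["location"]))
    if "refresh" in headers:
        m = REFRESH_VALUE.match(headers["refresh"])
        if m:
            found.append(("Refresh header", m.group(1)))
    for tag in META_TAG.findall(body):
        attrs = {m.group(1).lower(): (m.group(2) or m.group(3) or m.group(4) or "")
                 for m in ATTR.finditer(tag)}
        if attrs.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_VALUE.match(attrs.get("content", ""))
            if m:
                found.append(("meta refresh", m.group(1)))
    for m in JS_LOCATION.finditer(body):
        found.append(("JavaScript location", m.group(1) or m.group(2)))
    return found


def is_allowed_target(target, allowed_hosts):
    """True only for same-site relative paths or absolute http(s) URLs on an allowed host."""
    parsed = urlparse(target.strip())
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, etc. are never acceptable redirect targets
    if not parsed.netloc:
        # No host part: a plain path is fine, but "//host" or "/\host" is browser-
        # interpreted as protocol-relative and must not be treated as local.
        return not re.match(r"\s*[\\/][\\/]", target)
    return (parsed.hostname or "").lower() in {h.lower() for h in allowed_hosts}


def audit(raw, allowed_hosts):
    """Combine enumeration and vetting: [(mechanism, target, allowed)]."""
    return [(mech, url, is_allowed_target(url, allowed_hosts))
            for mech, url in find_redirects(raw)]


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw, {"wahh-app.com"}))
```

The allowlist check is the server-side mitigation that matters: validating the hostname of the final parsed URL, rather than string-matching a prefix, is what stops `https://wahh-app.com.evil.example/` and `//evil.example/` from passing as internal targets.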











