1. Unsafe url redirect (jump) principle and demonstration
Scene demo
Random test
Other points:
The third point will jump, jump to the overview page.
We url try at it, pass a corresponding url into it, it will pass over the background jump.
Under normal circumstances should jump to their own pages (as the third)
Jump to Baidu
We can also pass its own malicious sites url into it.
Look at the code behind
Through GET Request distal passed in url , determine what, if equal to i, is this sentence; no, jump to the url addresses corresponding to. This is problematic.
If you deal with this problem, we want to redirect, you need to url to restrict the white list, if not, jump to their own pages or fixed site.