Security Flaw URL Redirection - Code World

Security Flaw URL Redirection

Mobile 2023-07-29 18:06:25 views: null

Defect type: URL redirection

Defect description: If unvalidated input is allowed to control the URL used by the redirection mechanism, it may be beneficial for attackers to launch phishing attacks

Propagation path: [source] get the content process.env; [burst point] execute the assignment operation and assign it to location.href

if (code === 401) {
     if (!isRelogin.show) {
        isRelogin.show = true;
        MessageBox.confirm('登录状态已过期，您可以继续留在该页面，或者重新登录', '系统提示', {
          confirmButtonText: '重新登录',
          cancelButtonText: '取消',
          type: 'warning'
        }).then(() => {
        isRelogin.show = false;
        store.dispatch('LogOut').then(() => {
          location.href = process.env.VUE_APP_CONTEXT_PATH + "index";
        })
      }).catch(() => {
        isRelogin.show = false;
      });
    }
    return Promise.reject('无效的会话，或者会话已过期，请重新登录。')
}

solution:

location.href = process.env.VUE_APP_CONTEXT_PATH + "index";

Change to location.reload();

Guess you like

Origin blog.csdn.net/qq_38517231/article/details/131044802

Security Flaw URL Redirection

Flask redirection problem: If no security verification URL

Apache configuration URL Redirection

Pikachu-URL redirection

pikachu unsafe url redirection

requests handle redirection of url

PHP URL redirection

URL redirection vulnerability, python creates URL redirection vulnerability detection script

beego-vue URL redirection

3. Mobile Security Penetration Testing - (Android basic flaw)

Intel AMT security flaw could let hackers seize control of laptops

Intel AMT security flaw could let hackers seize control of laptops

[Flask] Flask URL construction (url redirection)

php - cURL acquired from url redirection

Java obtain network redirection URL (302 redirect)

nginx url automatically adds slashes and 301 redirection

Network Security - URL Details

Apache Part IV: Ubuntu 16.04 under the Apache URL redirection settings

pakachu-php deserialization / xee vulnerability / url redirection / ssrf

pikaqiu practice platform -URL redirection, directory traversal, disclosure of sensitive information

Webview redirection and net::ERR_UNKNOWN_URL_SCHEME analysis and solution

WinRAR flaw reproduction process

jbpm design flaw

jbpm design flaw

Autumn Park QBlog resolve technical principles: UrlRewrite of URL redirection system (IV)

103. The difference between two kinds of URL acquisition, redirection (sendRedirect) and request forwarding (forward)

CRLF injection vulnerability, URL redirection, resource processing denial of service detailed introduction (with examples)

Spring Security url dynamic access control (III)

URL http and https have a big difference in security

Spring security implements simple url permission interception

Recommended

Ranking

Solve the problem that the Chinese display of the drawing using python matplotlib under the Linux system is displayed as a box

[Conference Call for Papers] The 5th International Conference on Civil Engineering, Environmental Resources and Energy Materials (CCESEM 2023)

4-yl Fast Fourier Transform

DataGirdView interlaced display color

[Docker implements test deployment CI/CD----Dingding alarm after the build is successful (7)]

[Asp.net core series] 6 the complete structure of a project in actual combat

The new version of OpenCenterV3 management background

Why can box plots detect outliers and what is the principle?

[Switch] jumbo frame Introduction

C++对象移动（3）——移动构造函数

Daily

More

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)