Pikachu range: URL redirect

Open the test interface

Unsafe URL redirection

The page contains four hyperlinks; opening them in turn shows that each one redirects to other content.


When we click the bottom hyperlink, the URL in the address bar changes to one with a `url=i` parameter.

We modify the value of the `url=i` parameter.

Set payload to

http://ip:port/vul/urlredirect/urlredirect.php?url=http://www.baidu.com

After submitting it, the browser is redirected to the external site.

This vulnerability is commonly abused to redirect victims to phishing websites.

Vulnerability prevention
Theoretically speaking, a URL jump is a type of CSRF. We need to verify the validity of the incoming URL to make sure it comes from the right place. The same restriction methods used against CSRF can be applied:

1. Referer restrictions.
If we know where the URL parameter is supposed to come from, we can enforce a security restriction on the Referer to ensure the URL is legitimate and prevent malicious users from crafting jump links themselves.

2. Validity verification token.
We ensure that every generated link comes from our trusted domain. By adding a token the user cannot control to each generated link and verifying it on the redirect endpoint, we prevent users from building their own malicious links. This works, but if the function is meant to be fairly open, the token may restrict legitimate use.
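As an added example (not code from the Pikachu project, which is written in PHP), the following Python sketch shows the server-side logic behind both mitigations above: a Referer check, an HMAC token bound to the generated link, and, as a third layer, an allowlist so the `url` parameter can only point at the site's own pages. The host name `pikachu.example.test`, the path `/home.php` and the secret key are constructed placeholders.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlparse, urlencode, parse_qs

# Constructed values: the site's own host(s) and a server-side secret.
ALLOWED_HOSTS = {"pikachu.example.test"}
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"

# The redirect endpoint path is taken from the walkthrough above.
REDIRECT_ENDPOINT = "/vul/urlredirect/urlredirect.php"


def is_safe_redirect(url: str) -> bool:
    """Allowlist check: accept a site-relative path (starting with a single '/')
    or an absolute http(s) URL whose host is one of ours. Everything else,
    including protocol-relative '//host' and 'javascript:' targets, is rejected."""
    if not url:
        return False
    if url.startswith("//") or "\\" in url:
        return False
    parts = urlparse(url)
    if parts.scheme == "" and parts.netloc == "":
        return url.startswith("/")
    if parts.scheme not in ("http", "https"):
        return False
    return parts.hostname in ALLOWED_HOSTS


def referer_ok(referer: Optional[str]) -> bool:
    """Referer restriction: the request must come from one of our own pages."""
    if not referer:
        return False
    return urlparse(referer).hostname in ALLOWED_HOSTS


def sign_link(url: str) -> str:
    """Generate a redirect link carrying a token the user cannot forge:
    the token is an HMAC over the target URL under the server secret."""
    token = hmac.new(SECRET_KEY, url.encode(), hashlib.sha256).hexdigest()
    return REDIRECT_ENDPOINT + "?" + urlencode({"url": url, "token": token})


def verify_token(url: str, token: str) -> bool:
    """Recompute the HMAC and compare in constant time."""
    expected = hmac.new(SECRET_KEY, url.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token)


def parse_link_query(link: str) -> dict:
    """Helper: split a generated link back into its query parameters."""
    return parse_qs(urlparse(link).query)


def handle_redirect(query: dict, referer: Optional[str]) -> str:
    """Server-side decision for the redirect endpoint.
    Returns 'redirect:<url>' when every check passes, otherwise 'deny'."""
    url = query.get("url", [""])[0]
    token = query.get("token", [""])[0]
    if not referer_ok(referer):
        return "deny"
    if not verify_token(url, token):
        return "deny"
    if not is_safe_redirect(url):
        return "deny"
    return "redirect:" + url


if __name__ == "__main__":
    link = sign_link("/home.php")
    print(link)
    print(handle_redirect(parse_link_query(link), "http://pikachu.example.test/index.php"))
```

The allowlist check is the one that matters most: even if an attacker can satisfy the Referer check (it is client-controlled) and somehow obtains a valid token, the endpoint still refuses to send users off-site.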

Origin blog.csdn.net/qq_29977871/article/details/131290331