Client Side Vulnerabilities / Client-Side URL Redirect
Description
Client-side URL Redirect, also known as Open Redirect, is a vulnerability that occurs when a web application accepts user-controlled input that specifies the target of a redirection to an external URL. This vulnerability is listed as CWE-601 in the Common Weakness Enumeration (CWE) directory and is categorized under Client Side Vulnerabilities. It is commonly found in web applications as well as APIs.
Risk
Client-side URL Redirects can be exploited by malicious users to send unsuspecting users to malicious websites. Because the link the user clicks starts on a domain they trust, the redirect lends credibility to the destination. These malicious websites may contain malware, phishing scams, or other malicious code. If a user visits one of these sites, their device or account could be compromised, which could lead to data loss or theft, as well as financial loss.
Solution
The best way to prevent Client-side URL Redirects is to ensure that all user-supplied input is properly validated and sanitized before it is used in any redirection. Additionally, the application should be configured to only allow redirection to trusted URLs, for example by checking the target against an allowlist of known hosts or by accepting only relative paths on the application's own site. The OWASP Testing Guide provides additional guidance on testing for this vulnerability.
Example
The following code is an example of a vulnerable implementation of a Client-side URL Redirect. The vulnerable code is taken from CVE-2020-5356.
<?php
// Vulnerable: the redirect target is taken straight from the query string.
$redirect_url = $_GET['url'];
if ($redirect_url) {
    // No validation: whatever scheme and host the user supplied is sent to the browser.
    header('Location: ' . $redirect_url);
}
This code does not validate or sanitize the $_GET['url'] parameter before using it in a redirection. An attacker can therefore supply an arbitrary URL in the parameter, and the application will redirect the user to that site.
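A hardened replacement for the check above, written in Python rather than the page's PHP, as an added example that is not part of the original page or of the affected project: the redirect target is accepted only if it is an absolute path on the application's own site or an http(s) URL whose host is on an allowlist, and the inputs a naive sanitizer misses (protocol-relative URLs, userinfo before the host, backslashes, non-http schemes) are rejected. The host names in ALLOWED_HOSTS are constructed placeholders.

```python
"""Safe redirect-target validation for an open-redirect (CWE-601) fix."""
from urllib.parse import urlsplit

# Constructed allowlist: replace with the application's own host names.
ALLOWED_HOSTS = frozenset({"app.example.com", "auth.example.com"})
DEFAULT_TARGET = "/"  # where to send the user when the input is rejected


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` is an absolute path on this site or an
    http(s) URL whose host is exactly one of the allowed hosts."""
    if not target or len(target) > 2048:
        return False
    # Reject control characters (CR/LF would also enable header injection)
    # and backslashes, which browsers normalise to forward slashes, so that
    # "/\evil.example" would otherwise be treated like "//evil.example".
    if "\\" in target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal in the host part
        return False
    if parts.scheme:
        # Absolute URL: only http/https (no javascript:, data:, ...) and only
        # to an allowlisted host. urlsplit().hostname strips userinfo and
        # port, so "https://app.example.com@evil.example/" yields evil.example.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "").lower() in allowed_hosts
    if parts.netloc:
        return False  # protocol-relative URL such as "//evil.example/"
    # No scheme and no host: accept only an absolute path on this site.
    return target.startswith("/")


def safe_redirect_target(user_input: str) -> str:
    """Return the validated redirect target, or DEFAULT_TARGET if rejected."""
    return user_input if is_safe_redirect(user_input) else DEFAULT_TARGET
```

In the PHP handler the same logic belongs in front of the header('Location: ...') call, so that only the validated value, never the raw parameter, reaches the Location header.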