Observation
Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:

Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com

Impact
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Recommendation
Whitelist the redirect URLs and prevent redirection outside parent domain.

I don't know what the problem is, and what they are saying.


What I have tried:

My understanding is that if I log in, the application redirects to another un-validated page.

How do I fix it, and what is the problem?
Updated 22-Feb-17 2:38am

1 solution

There's a pretty good explanation of open redirection attacks and steps you can take to avoid them here. If I were you, I would try out the techniques listed there.
 
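An added example, not part of the original question or answer: one way to apply the report's recommendation in the code behind `login.aspx`, accepting the `returnURL` value only when it stays on the application's own site. The class name `ReturnUrlValidator`, the fallback page `/default.aspx` and the sample inputs are assumptions made for illustration.

```csharp
using System;

// Hypothetical helper (added example): decides whether a post-login returnURL is safe to follow.
public static class ReturnUrlValidator
{
    // Returns returnUrl when it stays on this site, otherwise a fixed fallback page.
    public static string Resolve(string returnUrl, Uri siteRoot, string fallback = "/default.aspx")
    {
        return IsSafe(returnUrl, siteRoot) ? returnUrl : fallback;
    }

    public static bool IsSafe(string returnUrl, Uri siteRoot)
    {
        if (string.IsNullOrWhiteSpace(returnUrl)) return false;

        // Reject control characters and backslashes: browsers treat "\" like "/",
        // so "/\host" would otherwise pass the site-relative check below.
        foreach (char c in returnUrl)
            if (char.IsControl(c) || c == '\\') return false;

        // Site-relative path: exactly one leading "/" ("//host" is protocol-relative).
        if (returnUrl[0] == '/')
            return returnUrl.Length == 1 || returnUrl[1] != '/';

        // Absolute URL: allowed only when scheme, host and port all match this site.
        Uri target;
        if (!Uri.TryCreate(returnUrl, UriKind.Absolute, out target)) return false;
        return target.Scheme == siteRoot.Scheme
            && string.Equals(target.Host, siteRoot.Host, StringComparison.OrdinalIgnoreCase)
            && target.Port == siteRoot.Port;
    }

    public static void Main()
    {
        Uri site = new Uri("https://example.com/");
        // Constructed sample inputs; the first is the value from the report.
        string[] samples = {
            "https://www.attacker.com", "//www.attacker.com", "/\\www.attacker.com",
            "https://example.com.attacker.com/", "/account/home.aspx",
            "https://example.com/account/home.aspx"
        };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} -> {1}", s, Resolve(s, site));
        // In the login handler (assumed usage):
        // Response.Redirect(ReturnUrlValidator.Resolve(Request.QueryString["returnURL"], Request.Url));
    }
}
```

Only the last two samples are followed; every other value falls back to `/default.aspx`.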
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)