ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6105/javascript/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

52 lines
2.4 KiB
Plaintext
Raw Permalink Blame History

== Why is this an issue?
Open redirection occurs when an application uses user-controllable data to build URLs used during redirects.
An attacker with malicious intent could manipulate a user to browse into a specially crafted URL, such as ``++https://trusted.example.com/redirect?url=evil.com++``, to redirect the victim to their evil domain.
Open redirection is most often used to trick users into browsing to a malicious domain that they believe is safe. As such, attackers commonly use open redirect exploits in mass phishing campaigns.
=== What is the potential impact?
An attacker can use this vulnerability to redirect a user from a trusted domain to a malicious domain controlled by the attacker. At that point, the attacker can perform various attacks, such as phishing.
Below are some scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
==== Phishing
Suppose the attacker creates a malicious website that mirrors the interface of the trusted website. In that case, they can use the open redirect vulnerability to lead the user to this malicious site.
Due to the similarity in the application appearance and the supposedly trustable hyperlink, the user fails to identify that they are browsing on a malicious domain. From here, an attacker can capture the user's credentials, bypass Multi-Factor Authentication (MFA), and take over the user's account on the trusted website.
==== Malware distribution
By leveraging the domain mirroring technique explained above, the attacker could also create a website that hosts malware. A user who is unaware of the redirection from a trusted website to this malicious website might then download and execute the attacker's malware. In the worst case, this can lead to a complete system compromise for the user.
==== JavaScript injection (XSS)
In certain circumstances, an attacker can use DOM-based open redirection to execute JavaScript code. This can lead to further exploitation in the trusted domain and has consequences such as the compromise of the user's account.
// How to fix it section
include::how-to-fix-it/dom.adoc[]
== Resources
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Change this code to not perform client-side redirection based on user-controlled data.
'''
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink