8 lines
526 B
Plaintext
8 lines
526 B
Plaintext
User provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Applications performing HTTP redirects based on tainted data could enable an attacker to redirect users to a malicious site to, for example, steal login credentials.
|
|
|
|
|
|
This problem could be mitigated in any of the following ways:
|
|
|
|
* Validate the user provided data based on an allowlist and reject input not matching.
|
|
* Redesign the application to not perform redirects based on user provided data.
|