7 lines
524 B
Plaintext
7 lines
524 B
Plaintext
User provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Applications performing HTTP redirects based on tainted data could enable an attacker to redirect users to a malicious site to, for example, steal login credentials.
|
|
|
|
This problem could be mitigated in any of the following ways:
|
|
|
|
* Validate the user provided data based on a whitelist and reject input not matching.
|
|
* Redesign the application to not perform redirects based on user provided data.
|