© Sanjib Sinha 2019
S. Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5_5

5. Header Injection and URL Redirection

Sanjib Sinha, Howrah, West Bengal, India

Header injection and URL redirection are possible when a web application accepts unvalidated user input. This untrusted data may redirect the page to a malicious web site.

Introducing Header Injection and URL Redirection

Consider some simple PHP code:

//code 5.1
<?php
/* Redirecting browser */
header("Location: https://www.sanjib.site");
?>

The preceding PHP file, once clicked, takes us to https://sanjib.site.

Now, consider a case when a developer writes the same code this way:

//code 5.2
<?php
/* Taking untrusted input from a form and Redirecting browser */
$RedirectingURL ...
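
For contrast with a redirect built from untrusted form input, here is one way to validate the target before it reaches header(). This is an added example, not code from the book; ALLOWED_HOSTS, FALLBACK_URL, safe_redirect_target() and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example (not from the book). ALLOWED_HOSTS, FALLBACK_URL and
// safe_redirect_target() are hypothetical names chosen for illustration.
const ALLOWED_HOSTS = ['www.sanjib.site'];
const FALLBACK_URL  = 'https://www.sanjib.site/';

function safe_redirect_target(string $candidate): string
{
    // Control characters (CR, LF, NUL), spaces and backslashes are refused:
    // CR/LF can split a header line, and browsers may treat "\" as "/".
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return FALLBACK_URL;
    }
    // Same-site path: exactly one leading slash ("//host" is protocol-relative).
    if ($candidate[0] === '/') {
        $protocolRelative = strlen($candidate) > 1 && $candidate[1] === '/';
        return $protocolRelative ? FALLBACK_URL : $candidate;
    }
    // Absolute URL: https only, no embedded credentials, host on the allowlist.
    $parts = parse_url($candidate);
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_HOSTS, true)) {
        return FALLBACK_URL;
    }
    return $candidate;
}

// In a request handler the result would be used like this
// (the form field name "url" is an assumption):
//   header('Location: ' . safe_redirect_target($_POST['url'] ?? ''), true, 302);
//   exit;

// Constructed sample inputs; run from the CLI to see each decision.
$samples = [
    '/account/settings',                          // kept: same-site path
    'https://www.sanjib.site/books',              // kept: allowlisted host
    '//attacker.example/',                        // fallback: protocol-relative
    'https://attacker.example/',                  // fallback: host not allowed
    'https://www.sanjib.site@attacker.example/',  // fallback: credentials trick
    "/home\r\nSet-Cookie: sid=constructed",       // fallback: CR/LF in value
];
foreach ($samples as $s) {
    printf("%-50s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
        safe_redirect_target($s));
}
```

Anything that fails a check falls back to a fixed URL rather than being repaired, so a malformed value never reaches the Location header.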
