Malicious misdirection
Unvalidated redirects and forwards include vulnerabilities to attacks through open redirect, UI redressing, or a client-side URL redirection. These attack types involve placing malicious links into the user's path that force a connection to an unintended site for additional attacks, whether they initiate malware downloads or intercept future communications or credentials. Web applications themselves are complicit in this, as it means that the developers have not deployed adequate code validation, session management, or are reliant on a flawed, and thereby vulnerable, framework or module.
The OWASP 2013 Top 10 ranked this threat as a #10 threat (as shown in the following screenshot), but the 2017 version (in its current ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access