php - XSS, encoding a return url
Here is the vulnerable code:

    <?php header("Location: " . $_POST['target']); ?>

What is the appropriate way to make sure that nasty things coming in via target are cleaned?
First up, the vulnerability.

OWASP categorizes this as "Unvalidated Redirects and Forwards". See OWASP's guide for more information.

A few interesting attacks are possible. See this thread on sla.ckers.org for ideas on how this can be abused.

How to protect yourself?

- Verify the scheme of the URL. You want to support http and https. Abort the request for any other scheme.
- Parse the URL and extract the domain. Only allow redirects to a known list of domains. For other domains, abort the request.

That's it.
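The two checks from the answer above (scheme must be http or https, host must be on a known list), written out as a PHP function. This is an added example, not code from the question or the answer; the host allow-list `ALLOWED_REDIRECT_HOSTS`, the function names and the sample inputs are all assumptions made up for the demonstration.

```php
<?php
// Added example (not from the original question or answer): allow-list check
// for a POSTed redirect target before sending a Location header.

declare(strict_types=1);

// Hypothetical allow-list; replace with the hosts your application actually owns.
const ALLOWED_REDIRECT_HOSTS = ['example.com', 'www.example.com'];

/**
 * Returns a rebuilt absolute URL if $target is safe to redirect to,
 * or null if the request must be aborted.
 */
function safeRedirectTarget(string $target, array $allowedHosts): ?string
{
    // Reject control characters early: CR/LF in a header value is header injection.
    if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
        return null;
    }

    $parts = parse_url($target);
    if ($parts === false) {
        return null; // seriously malformed URL
    }

    // 1. Scheme must be exactly http or https. This also rejects protocol-relative
    //    "//other.example" and "javascript:" style values, which carry no acceptable scheme.
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }

    // 2. Host must be on the allow-list. parse_url() puts "user@" into 'user', so
    //    "https://www.example.com@other.example/" is compared on other.example, not on
    //    the trusted-looking prefix.
    $host = strtolower($parts['host'] ?? '');
    $allowed = array_map('strtolower', $allowedHosts);
    if ($host === '' || !in_array($host, $allowed, true)) {
        return null;
    }

    // Rebuild the URL from the validated components instead of echoing raw input.
    $url = $scheme . '://' . $host;
    if (isset($parts['port'])) {
        $url .= ':' . $parts['port'];
    }
    $url .= $parts['path'] ?? '/';
    if (isset($parts['query'])) {
        $url .= '?' . $parts['query'];
    }
    if (isset($parts['fragment'])) {
        $url .= '#' . $parts['fragment'];
    }
    return $url;
}

// Hardened replacement for the one-liner in the question.
function redirectOrAbort(string $target): void
{
    $url = safeRedirectTarget($target, ALLOWED_REDIRECT_HOSTS);
    if ($url === null) {
        http_response_code(400);
        exit('Invalid redirect target');
    }
    header('Location: ' . $url);
    exit;
}

// Constructed sample inputs, printed when the file is run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'https://www.example.com/account?tab=billing',
        'http://EXAMPLE.COM/',
        '//other.example/landing',
        'https://www.example.com@other.example/',
        'javascript:void(0)',
        "https://www.example.com/\r\nX-Injected: 1",
    ];
    foreach ($samples as $s) {
        $result = safeRedirectTarget($s, ALLOWED_REDIRECT_HOSTS);
        printf("%-48s => %s\n", json_encode($s), $result ?? 'REJECTED');
    }
}
```

In a request handler you would call `redirectOrAbort($_POST['target'] ?? '')` in place of the original `header(...)` line. Rebuilding the URL from the parsed pieces, rather than passing the raw string through, means that anything `parse_url()` silently dropped or misread never reaches the `Location` header.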