A phishing attack example could be the following: an application uses forwards to route requests between different parts of the site. To facilitate this, some pages take a parameter that indicates where the user should be sent once a transaction succeeds; the redirect target appears in the login form or in the URL. Such redirects may attempt to install malware or trick victims into revealing passwords or other sensitive data. This vulnerability occurs when an application accepts untrusted input that carries a URL value without validating it.
While there are many ways to create a redirect or forward, the exploit in this case boils down to the destination URL being carried in the address bar of the source page, where it can be tampered with.
To learn more about how our Web Application Firewall blocks unvalidated redirects and forwards, call SiteLock at 855.378.6200.
Web applications often redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.
Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
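The login-then-redirect pattern described above, as an added illustration that is not part of the original text: the unsafe handler passes the `next` parameter straight through, while the hardened version only follows a local path on the application's own host. The host name `app.example.com`, the `next` parameter and the `/account` landing page are assumptions for the example.

```python
from urllib.parse import urlparse, urljoin

# Assumed for this example: the application's own host and a safe fallback page.
SITE_HOST = "app.example.com"
DEFAULT_LANDING = "/account"


def vulnerable_redirect_target(next_param: str) -> str:
    """The unsafe pattern: whatever arrived in ?next= becomes the Location header."""
    return next_param


def safe_redirect_target(next_param, site_host=SITE_HOST, default=DEFAULT_LANDING) -> str:
    """Return a redirect target that stays on our own site, else the default page.

    Rejects absolute URLs, scheme-relative (//host) forms, backslash variants that
    browsers normalise to //host, non-http schemes such as javascript:, and any
    whitespace or control characters that could be used for header injection.
    """
    if not next_param:
        return default
    # Control characters / whitespace are never legitimate in a redirect path.
    if any(c.isspace() or ord(c) < 0x20 for c in next_param):
        return default
    # Backslashes are treated like slashes by browsers: "/\evil" -> "//evil".
    if "\\" in next_param:
        return default
    parsed = urlparse(next_param)
    # Anything with a scheme or authority is an off-site (or javascript:) target.
    if parsed.scheme or parsed.netloc:
        return default
    # Only plain absolute paths on our site, never protocol-relative "//".
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    # Resolve against our origin and confirm the host did not change.
    resolved = urlparse(urljoin(f"https://{site_host}/", next_param))
    if resolved.netloc != site_host:
        return default
    # Rebuild from the parsed parts so stray fragments are dropped.
    return resolved.path + (f"?{resolved.query}" if resolved.query else "")


if __name__ == "__main__":
    # Constructed sample inputs a login handler might receive in ?next=
    for candidate in ["/orders?id=7", "https://phish.example/login",
                      "//phish.example/login", "/\\phish.example", "javascript:alert(1)"]:
        print(f"{candidate!r:35} -> {safe_redirect_target(candidate)}")
```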