| (11 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| − | {{Template:Vulnerability}}
| + | #REDIRECT [[Unvalidated_Redirects_and_Forwards_Cheat_Sheet]] |
| − | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
| |
| − | | |
| − | [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
| |
| − | | |
| − | [[ASDR Table of Contents]]
| |
| − | __TOC__
| |
| − | | |
| − | | |
| − | ==Description==
| |
| − | | |
| − | A vulnerability is a weakness in an application (frequently a broken or missing control) that enables an attack to succeed. Be sure you don't put [attacks] or [controls] in this category.
| |
| − | | |
| − | # Start with a one-sentence description of the vulnerability | |
| − | # What is the problem that creates the vulnerability?
| |
| − | # What are the attacks that target this vulnerability?
| |
| − | # What are the technical impacts of this vulnerability?
| |
| − | | |
| − | | |
| − | ==Risk Factors==
| |
| − | | |
| − | * Talk about the [[OWASP Risk Rating Methodology|factors]] that make this vulnerability likely or unlikely to actually happen
| |
| − | * Discuss the technical impact of a successful exploit of this vulnerability
| |
| − | * Consider the likely [business impacts] of a successful attack
| |
| − | | |
| − | | |
| − | ==Examples==
| |
| − | | |
| − | ===Short example name===
| |
| − | : A short example description, small picture, or sample code with [http://www.site.com links]
| |
| − | | |
| − | ===Short example name===
| |
| − | : A short example description, small picture, or sample code with [http://www.site.com links]
| |
| − | | |
| − | | |
| − | ==Related [[Attacks]]==
| |
| − | | |
| − | * [[Attack 1]]
| |
| − | * [[Attack 2]]
| |
| − | | |
| − | | |
| − | ==Related [[Vulnerabilities]]==
| |
| − | | |
| − | * [[Vulnerability 1]]
| |
| − | * [[Vulnerabiltiy 2]]
| |
| − | | |
| − | ==Related [[Controls]]==
| |
| − | | |
| − | * [[Control 1]]
| |
| − | * [[Control 2]]
| |
| − | | |
| − | | |
| − | ==Related [[Technical Impacts]]==
| |
| − | | |
| − | * [[Technical Impact 1]]
| |
| − | * [[Technical Impact 2]]
| |
| − | | |
| − | | |
| − | ==References==
| |
| − | Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
| |
| − | | |
| − | * [http://cwe.mitre.org/data/definitions/79.html CWE 79].
| |
| − | * http://www.link1.com
| |
| − | * [http://www.link2.com Title for the link2]
| |
| − | | |
| − | [[Category:FIXME|add links
| |
| − | | |
| − | In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
| |
| − | | |
| − | Availability Vulnerability
| |
| − | | |
| − | Authorization Vulnerability
| |
| − | | |
| − | Authentication Vulnerability
| |
| − | | |
| − | Concurrency Vulnerability
| |
| − | | |
| − | Configuration Vulnerability
| |
| − | | |
| − | Cryptographic Vulnerability
| |
| − | | |
| − | Encoding Vulnerability
| |
| − | | |
| − | Error Handling Vulnerability
| |
| − | | |
| − | Input Validation Vulnerability
| |
| − | | |
| − | Logging and Auditing Vulnerability
| |
| − | | |
| − | Session Management Vulnerability]]
| |
| − | | |
| − | __NOTOC__
| |
| − | | |
| − | | |
| − | [[Category:OWASP ASDR Project]]
| |
| − | | |
| − | ==Overview==
| |
| − | | |
| − | An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
| |
| − | | |
| − | {{Template:Stub}}
| |
| − | | |
| − | ==Consequences ==
| |
| − | | |
| − | [[Phishing]]
| |
| − | | |
| − | ==Exposure period ==
| |
| − | | |
| − | ==Platform ==
| |
| − | All web platforms affected
| |
| − | | |
| − | ==Required resources ==
| |
| − | | |
| − | ==Severity ==
| |
| − | | |
| − | | |
| − | ==Likelihood of exploit ==
| |
| − | | |
| − | | |
| − | ==Avoidance and mitigation ==
| |
| − | To avoid the open redirect vulnerability parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser.
| |
| − | | |
| − | The server must have a relation of the authorized redirections (i.e. in a database)
| |
| − | | |
| − | ==Discussion ==
| |
| − | | |
| − | | |
| − | ==Examples ==
| |
| − | | |
| − | http://www.vulnerable.com?redirect=http://www.attacker.com
| |
| − | | |
| − | The phishing use can be more complex, using complex encoding:
| |
| − | | |
| − | Real redirect: http://www.vulnerable.com/redirect.asp?=http://www.links.com
| |
| − | | |
| − | Facked link: http://www.vulnerable.com/security/advisory/23423487829/../../../redirect.asp%3F%3Dhttp%3A//www.facked.com/advisory/system_failure/password_recovery_system
| |
| − | | |
| − | ==Related problems ==
| |
| − | | |
| − | * [[Open forward]]
| |
| − | | |
| − | [[Category:Vulnerability]] | |
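Review bot: replacing the whole page body with `#REDIRECT [[Unvalidated_Redirects_and_Forwards_Cheat_Sheet]]` drops the only two substantive pieces of this page, the "Avoidance and mitigation" guidance (validate the redirect parameter before the server answers with a 302, and keep a server-side relation of authorized redirection targets) and the "Examples" section that shows how a deep-looking link such as `/security/advisory/23423487829/../../../redirect.asp%3F%3Dhttp%3A//...` collapses, after path normalization and percent-decoding, to the redirect script with an attacker-chosen target. Before the page is retired as a plain redirect, confirm that the cheat sheet it now points to covers both the allowlist-of-authorized-targets mitigation and the path-traversal/percent-encoding case, or state in the edit summary that that content was intentionally not carried over; otherwise this revision silently loses the encoding caveat that makes naive prefix or substring checks on the redirect parameter insufficient. Minor: the removed lines carried an unclosed `[[Category:FIXME|add links` markup and the misspellings "Facked" and "Vulnerabiltiy", none of which need follow-up now that the body is gone.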