Questions tagged [url-redirection]

URL redirection, or URL forwarding, is a technique for making web resources available under more than one URL address, or moved to a different location while maintaining compatibility with previously published URLs.

URL redirection can be set up on a web server handling web requests, attached to a web application's response headers and handled by a user-agent, or handled through a client-side script.

222 questions
8
votes
4 answers

Is it safe to redirect to URL parameter without filtering?

A webpage redirects to a URL given in the parameter redirect without filtering it, like this: $newURL=$_GET["redirect"]; header('Location: '.$newURL); login.php?redirect=home.php If it echoes the input I know it's possible to perform an XSS attack,…
Fast Snail
  • 181
  • 1
  • 8
7
votes
1 answer

Wordpress site redirects to different site when using https. Have I been hacked?

I own my domain and blog infrequently, when I try to access it over https I'm first shown a warning which says that the certificate isn't trusted. This is expected as I never configured SSL for my blog, when I proceed it takes me to a random site.…
nikhil
  • 247
  • 1
  • 5
7
votes
1 answer

Are there any known browsers that support file URL redirection?

I've been addressing an open-redirect issue and in experimenting with the latest fix, I noticed that updating the redirect's protocol to file resulted in a blank page on the browser. That is, redirect.aspx?url=file://legitimate-site.com results in a…
Brian Nickel
  • 203
  • 2
  • 7
7
votes
2 answers

How to properly validate HTTP redirects?

I'm reading OWASP's Secure Coding Practices Checklist and under their "Input Validation" section they have an item that reads: Validate data from redirects (An attacker may submit malicious content directly to the target of the redirect, thus…
zharvey
  • 911
  • 3
  • 10
  • 14
7
votes
8 answers

What is the vulnerability in my PHP code?

A website of mine was recently hacked. Although the actual website remains unchanged, they were somehow able to use the domain to create a link that redirected to an eBay phishing scam. I've taken the website down, for obvious reasons, so I can't…
Jeff
  • 943
  • 1
  • 6
  • 9
7
votes
4 answers

Bank website forwards to false site - formatted hard drive - still forwards

Summary: When I visit my bank's website, I get forwarded to a phishing mirror site. This has persisted through a re-format of my MacBook. Even on different browsers! Other computers on the same network do not have this problem, so I don't think…
Tom
  • 71
  • 1
7
votes
2 answers

One-time mystery redirect from one of our pages

I'll make the explanation of the situation as thorough as I can, and the question is at the bottom. Recently, we received a report from one of our users that, immediately after logging out of our application, he was suddenly redirected to a malware…
SCruz
  • 159
  • 5
6
votes
3 answers

Unknown URL shows my website

I run a website at https://fastslots.co. I just discovered that I am getting requests from the URL https://canadaehtees.com/ that I have no affiliation with. When I load canadaehtees.com in my browser I get a warning about an invalid SSL…
Henry
  • 63
  • 1
  • 6
6
votes
1 answer

What are the risks of accepting URL param for automatic redirection?

Can anybody name all the risks of the following scenario: User visits a page, but his session is expired, so he is auto-redirected to login page with his previous page and params added as a single parameter, encoded using PHP's…
Slava
  • 285
  • 1
  • 2
  • 9
6
votes
1 answer

How Concerning Is This X-CU-modified: FAKECU Text Attack?

A user clicked on the link of this email and entered their credentials, thinking the message was legitimate. However, the link didn't redirect to the fake site, and instead their mail client sent them to the link as it was displayed (the real mail…
6
votes
3 answers

What security holes are introduced by clicking an unknown link?

I received an email today that told me that "My account was comprised", an obvious phishing attempt, or so I thought. When I clicked the link, just for the fun of it, it brought me to a page which closed immediately. This got me thinking about…
tuskiomi
  • 162
  • 6
6
votes
3 answers

Url Shortener vulnerability

I have a service like TinyURL to shorten www.example.com/[6chars] URLs. However, it includes person-specified sensitive information. How can I protect against URL brute-force scanners detecting whether a URL has a response? Or anyway it is…
engincancan
  • 163
  • 6
5
votes
8 answers

Checking "return" parameter in login page

My login page accepts the "return" parameter, which should contain the URI to redirect the user to if he wasn't logged in and tried to access a page which isn't accessible by unauthenticated users. It could be anything from my site. How do I properly check that…
vbezhenar
  • 257
  • 2
  • 6
5
votes
1 answer

A couple of redirects after clicking in a link, what are they after?

I got a mass email from a friend containing only this link (made not clickable on purpose): http://www.casadelapiedra.com/components/com_content/id876757355.php I imagine she has got some kind of virus, but since I'm curious and not very careful I…
5
votes
4 answers

Cross-platform browser link hijacking/redirect issue in Chrome

I'm having strange issues using Chrome Version 65.0.3325.181 (Official Build) on PC (Win 7) and OSX (10.11.6) on different systems. Clicks are often being hijacked taking me to different sites (often gambling ones). Or alternatively, clicks are…
Turkeyphant
  • 181
  • 1
  • 8