CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Many web applications perform redirections, for example to send a user back to the page they originally requested once they have logged in. If the redirect target is taken from the request and not validated, an attacker can craft a link on the trusted domain that sends the victim to a site of the attacker's choosing, typically a phishing page that imitates the application. Because the link visibly points at the legitimate host, victims have little reason to distrust it.
Let's take an example. Given a PHP page that has the following code in it:

```php
<?php
/***
 * index.php
 */
// Redirect target taken straight from the query string: fully attacker-controlled
$redirect_url = $_GET['url'];
// Copied into the Location header without any validation: an open redirect
header("Location: " . $redirect_url);
...
?>
```
In normal operation the parameter holds a path on the same application, so the user is simply sent to another internal page. However, because the value is copied from the query string into the Location header without any validation, this code would also let an attacker use:
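As an added example, not code from the original page, the following Python models the same redirect logic as the PHP snippet and places a naive "starts with a slash" check beside a hardened one. The trusted host name app.example, the function names and every sample input are assumptions constructed for this demonstration; the attacker values show the classic bypasses (scheme-relative `//host`, backslash `/\host`, userinfo `trusted@evil`, `javascript:` and `////host`).

```python
"""Added example (not code from the original page): the open redirect from the
PHP snippet, modelled in Python, with a naive check beside a hardened one.
The trusted host name app.example and every sample input are constructed
for this demonstration and are not taken from the page."""
from urllib.parse import urljoin, urlparse

TRUSTED_HOST = "app.example"  # assumed application host


def naive_is_local(url: str) -> bool:
    """The check many developers write first: a leading slash means 'same site'.

    It is bypassed by scheme-relative URLs ("//evil.example") and by backslash
    variants ("/\\evil.example"), which browsers read as "//evil.example".
    """
    return url.startswith("/")


def safe_redirect_target(url: str, trusted_host: str = TRUSTED_HOST,
                         fallback: str = "/") -> str:
    """Return a Location value that stays on trusted_host, or fallback.

    The input is resolved against the trusted origin and then only the path
    and query are rebuilt from the parsed result, so an attacker-supplied
    scheme or host is never copied into the header.
    """
    if not url:
        return fallback
    # Browsers normalise backslashes to forward slashes in http(s) URLs;
    # urllib does not, so do it before parsing to defeat the "/\\host" trick.
    candidate = url.replace("\\", "/")
    # Resolving against the trusted origin gives every candidate an explicit
    # scheme and host: "//evil.example" becomes https://evil.example/...,
    # "/account" becomes https://app.example/account, and "javascript:..."
    # comes back unchanged because its scheme cannot be relative.
    resolved = urlparse(urljoin(f"https://{trusted_host}/", candidate))
    if resolved.scheme != "https" or resolved.hostname != trusted_host:
        return fallback
    path = resolved.path or "/"
    # A path that itself starts with "//" (from input such as "////evil.example")
    # would be read by the browser as a scheme-relative URL; refuse it.
    if not path.startswith("/") or path.startswith("//"):
        return fallback
    return path + ("?" + resolved.query if resolved.query else "")


# Constructed sample inputs: what a legitimate user, or an attacker, might pass as ?url=
SAMPLE_INPUTS = [
    "/account?tab=security",
    "https://app.example/settings",
    "//evil.example/login",
    "/\\evil.example/login",
    "https://evil.example/",
    "https://app.example@evil.example/",
    "javascript:alert(1)",
    "////evil.example",
]

if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print(f"{value!r:40} naive={naive_is_local(value)!s:5} "
              f"safe -> {safe_redirect_target(value)!r}")
```

The design point is that the hardened function never echoes the caller's string: it parses, checks the resulting host, and re-emits only a same-site path and query. Where the set of legitimate targets is small, mapping an opaque identifier (`?to=settings`) to a server-side table of URLs removes the parsing problem entirely.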
| Property | Value |
|---|---|
| Consequences | Code execution, Data loss, Denial of service |
| Ease of Detection | Easy |