Let’s talk about open redirect vulnerability

Explanation

Summary

// Vulnerable: the destination comes straight from the request and is never
// validated, so any URL supplied in "dest" becomes the redirect target.
String redirect = Request["dest"];
Response.Redirect(redirect);

Recommendation:

// Allowed destinations live server-side; the client only supplies an index.
String[] strURLArray = { "/account/dashboard", "/account/settings", "/help" };
String redirect = Request["dest"];
Int32 strDest;
// TryParse avoids an exception on a missing or non-numeric parameter.
if (Int32.TryParse(redirect, out strDest)
    && (strDest >= 0) && (strDest <= strURLArray.Length - 1))
{
    String strFinalURL = strURLArray[strDest];
    Response.Redirect(strFinalURL);
}
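The same index-into-allowlist approach from the recommendation, written here as an added Python example (not code from the original post) so the edge cases are explicit: the client never supplies a URL, only a small integer, and anything missing, non-numeric, negative or out of range falls back to a safe default. The allowlist contents are constructed for the example.

```python
# Constructed allowlist of destinations the application is willing to
# redirect to. It is defined server-side; the request never carries a URL.
ALLOWED_DESTINATIONS = [
    "/account/dashboard",
    "/account/settings",
    "https://docs.example.com/help",
]


def resolve_indexed_destination(dest_param, allowlist=ALLOWED_DESTINATIONS):
    """Map the 'dest' request parameter to an allowlisted URL.

    Returns the allowlisted URL for a valid index, or None when the
    parameter is absent, not an integer, negative or past the end of
    the list. A None result must never be turned into a redirect.
    """
    if dest_param is None:
        return None
    try:
        index = int(dest_param.strip())
    except ValueError:
        # Non-numeric input (including a URL pasted into 'dest') is rejected.
        return None
    if 0 <= index < len(allowlist):
        return allowlist[index]
    return None


def redirect_location(dest_param, default="/", allowlist=ALLOWED_DESTINATIONS):
    """Value for the Location header: the resolved destination, or the
    in-application default when the parameter does not validate."""
    target = resolve_indexed_destination(dest_param, allowlist)
    return target if target is not None else default


if __name__ == "__main__":
    for sample in ("1", " 2 ", "3", "-1", "", None, "https://attacker.example"):
        print(repr(sample), "->", redirect_location(sample))
```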

Blogger | Security Researcher | Digital forensic analyst | Twitter — @mrunal110
