What are the security issues when redirecting a user after logging in to the URL provided on the login form?

I have a member area on my site where, if the user is not logged in, they are redirected to the login URL with `?redirect=[CURRENT_URL]`, and after a successful login they are redirected back to `[CURRENT_URL]`.

What are the potential security issues with this approach, how to prevent them, and what are the alternatives?

E.g. an attacker can link to my site with a redirect to another site; can another site steal my cookie to log in? Is it possible to run arbitrary JavaScript on my site using this approach?

+5
1 answer

If the current URL is not sanitized, you may be exposed to:

  • XSS (cookie theft, injection scripts)
  • HTTP response splitting

etc.

If you know that the current URL is constant and has no parameters, this is not so risky. As soon as you add parameters or create a URL based on user input, complexity arises.

Trivial XSS Example:

Say your URL may have a query string entered through user input. Then what prevents them from typing

    redirectUrl = "yoursite.jsp?somevariable=<script>alert('malicious')</script>";

or

    redirectUrl = "yoursite.jsp?somevariable=<script>alert(document.cookie)</script>";

and stealing your cookies or executing other evil JavaScript?

Also, CRLF injection.

Wikipedia - HTTP response splitting.

    redirectURL = "http://myfakebank.com"

+2
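One defensive check for the `redirect` parameter, as an added example written for this answer (not the poster's code; the site hostname `yoursite.example` and the helper name are assumptions). It rejects off-site hosts, non-http(s) schemes, protocol-relative and backslash tricks, and CRLF, and re-encodes what is left before it is reflected into a `Location:` header or a link.

```python
from urllib.parse import urlsplit, urlunsplit, quote

# Hypothetical helper (added example, not from the original answer).
# Policy: only same-site absolute paths survive; anything else -> DEFAULT.
DEFAULT = "/"


def safe_redirect_target(raw: str, site_host: str = "yoursite.example") -> str:
    """Return a redirect target that stays on our own site, or DEFAULT."""
    if not raw:
        return DEFAULT
    # Control characters (CR, LF, ...) are the header-splitting vector when
    # the value is copied verbatim into a Location: header.
    if any(ord(c) < 0x20 or c == "\x7f" for c in raw):
        return DEFAULT
    # Browsers treat "/\evil.example" like "//evil.example"; urlsplit does not.
    if "\\" in raw:
        return DEFAULT
    parts = urlsplit(raw)
    # "//evil.example/x" parses with an empty scheme but a netloc, so this
    # branch also covers protocol-relative URLs.
    if parts.scheme or parts.netloc:
        if parts.scheme.lower() not in ("http", "https"):
            return DEFAULT  # javascript:, data:, vbscript: ...
        # .hostname drops any userinfo ("site@evil.example") and the port.
        if parts.hostname != site_host:
            return DEFAULT  # open redirect, e.g. http://myfakebank.com
    path = parts.path or "/"
    if not path.startswith("/"):
        return DEFAULT  # relative paths like "evil.example/x" are not accepted
    # Percent-encode so <, >, quotes etc. cannot be reflected raw into HTML.
    # "%" stays untouched to avoid double-encoding already-encoded input.
    safe_path = quote(path, safe="/%")
    safe_query = quote(parts.query, safe="=&%+")
    # The fragment is discarded: it never reaches the server and is a
    # common DOM-XSS carrier.
    return urlunsplit(("", "", safe_path, safe_query, ""))
```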
