Php Insecure Redirect Untrusted Data

Description

Detects unsafe URL redirections in PHP Symfony applications where untrusted/unsanitized data is used in redirect operations. This vulnerability could allow attackers to redirect users to malicious websites through manipulation of redirect parameters, enabling phishing attacks.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Verifies if the Symfony HttpFoundation Request component is imported in the code

    Looks for redirect calls using the pattern '$this->redirect'

    Checks if the first argument of the redirect call contains untrusted input

    Confirms the redirect URL parameter is not properly sanitized

    Reports a vulnerability when an unsanitized, user-controlled URL is used in redirect operations

Vulnerable code example

<?php

use Symfony\Component\HttpFoundation\Request;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;

class RedirectController extends AbstractController
{
    public function handleRedirect(Request $request)
    {
        $targetUrl = $request->query->get('redirect_to');

        // VULNERABLE: user input flows straight into the redirect without validation
        return $this->redirect($targetUrl);
    }
}

✅ Secure code example

function handleRedirect($request) {
    $targetUrl = $request->query->get('redirect_to');

    // Define allowed hosts for redirects
    $allowedHosts = ['myapp.example.com', 'secure.example.com'];

    // Validate and sanitize the URL before redirect
    if (!empty($targetUrl)) {...
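The allow-list check that the secure example begins, carried through to a complete Symfony controller, as an added example that is not the rule's or any project's code; the host names, the `app_home` route and the `AccountController` class are assumptions.

```php
<?php
// Added example (not the rule's own code): allow-list validation of a redirect
// target before it reaches $this->redirect(). Host names and route are constructed.

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;

/**
 * Returns $target if it is a same-site path or an absolute http(s) URL whose
 * host is on the allow list; otherwise returns $fallback.
 */
function resolveRedirectTarget(?string $target, array $allowedHosts, string $fallback): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }

    // Relative path: accept "/path" but reject "//host" and "/\host", which
    // browsers treat as scheme-relative URLs pointing at another site.
    if ($target[0] === '/') {
        return ($target === '/' || preg_match('#^/[^/\\\\]#', $target) === 1) ? $target : $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;   // unparsable, or no scheme/host (e.g. "evil.example")
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;   // rejects javascript:, data: and similar schemes
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return $fallback;   // host is not on the allow list (also catches user@host tricks)
    }
    return $target;
}

class AccountController extends AbstractController
{
    private const ALLOWED_HOSTS = ['myapp.example.com', 'secure.example.com'];

    public function afterLogin(Request $request): RedirectResponse
    {
        $target = resolveRedirectTarget(
            $request->query->get('redirect_to'),
            self::ALLOWED_HOSTS,
            $this->generateUrl('app_home')   // assumed route name: the safe default
        );
        return $this->redirect($target);
    }
}
```

With this shape the value reaching `$this->redirect()` is always either the fallback or a string that passed every check, so the detector's "unsanitized, user-controlled URL" condition no longer holds.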