PHP Unsafe Open Redirect
Description
Detects unsafe URL redirections in PHP applications where user-controlled input is written into the Location header of a header()-based redirect. An attacker who controls the redirect target can send victims from a trusted domain to a site of their choosing, which is typically used for phishing: the link the victim clicks genuinely points at the legitimate application.
Detection Strategy
• Identifies calls to PHP's header() function used for URL redirection
• Checks if the redirect location/URL contains user-controllable input
• Reports a vulnerability when header() redirects using unvalidated user input
• Focuses on Location header redirects that could lead to arbitrary redirections
Vulnerable code example
<?php
function redirectToPage() {
$destination = $_GET['url']; // Unsafe: Directly using user input
header("Location: " . $destination); // Vulnerable: No validation before redirect
exit();
}
// Usage...

Secure code example
<?php
function redirectToPage() {
    $allowedDomains = [
        'example.com',
        'subdomain.example.com'
    ];
    $destination = $_GET['url'] ?? ''; // Use null coalescing operator for safety
    // Compare the parsed host, not a substring: "https://example.com.evil.com/"
    // and "https://example.com@evil.com/" both contain the allowed name.
    $host = parse_url($destination, PHP_URL_HOST);
    if (!is_string($host) || !in_array(strtolower($host), $allowedDomains, true)) {
        $destination = '/'; // Not on the allowlist: fall back to a safe local page
    }
    header("Location: " . $destination); // Only allowlisted hosts reach this line unchanged
    exit();
}
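The allowlist above checks the host only. In practice, open-redirect filters are most often bypassed by inputs that look relative but are not, or that parse differently in PHP and in the browser. The following is an added example (it is not Fluid Attacks' rule code or the original page's code) of a validation routine that rejects those cases and returns a sanitized target or null. The function name safeRedirectTarget, the $allowedHosts parameter and the sample inputs are hypothetical and constructed for illustration; run it with the php CLI and compare the verdicts.

```php
<?php
// Added example: decide whether a user-supplied redirect target may be placed
// in a Location header. Returns the sanitized target, or null when it must be
// rejected. $allowedHosts is a hypothetical allowlist maintained by the app.
function safeRedirectTarget(string $target, array $allowedHosts): ?string
{
    $target = trim($target);
    if ($target === '') {
        return null;
    }
    // Header injection: CR or LF would let the attacker append headers or a body.
    // Modern PHP refuses such header() calls, but reject them explicitly anyway.
    if (preg_match('/[\r\n]/', $target)) {
        return null;
    }
    // Same-origin relative path: exactly one leading "/" and not "/\", which
    // browsers normalize to "//" and then treat as a protocol-relative URL.
    if ($target[0] === '/' && !preg_match('#^/[/\\\\]#', $target)) {
        return $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['host'])) {
        return null; // unparsable, or no host at all (e.g. a bare "evil.com")
    }
    // "//evil.com" parses with a host but no scheme; only http(s) is acceptable.
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'https' && $scheme !== 'http') {
        return null;
    }
    // "https://example.com@evil.com/" has host evil.com; refuse any userinfo.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), $allowedHosts, true)) {
        return null;
    }
    return $target;
}

// Constructed sample values an attacker might send as ?url=...
$allowed = ['example.com', 'subdomain.example.com'];
$samples = [
    '/account/settings',                                  // allowed: same-origin path
    'https://subdomain.example.com/login',                // allowed: allowlisted host
    'https://example.com.evil.com/',                      // rejected: host not allowlisted
    'https://example.com@evil.com/',                      // rejected: userinfo trick
    '//evil.com/phish',                                   // rejected: protocol-relative
    '/\\evil.com',                                        // rejected: backslash variant
    "https://example.com/\r\nSet-Cookie: sid=attacker",   // rejected: header injection
];
foreach ($samples as $sample) {
    $verdict = safeRedirectTarget($sample, $allowed) === null ? 'REJECTED' : 'ALLOWED';
    printf("%-55s => %s\n", json_encode($sample, JSON_UNESCAPED_SLASHES), $verdict);
}

// In a request handler the redirect then becomes:
// $dest = safeRedirectTarget($_GET['url'] ?? '', $allowed) ?? '/';
// header('Location: ' . $dest);
// exit();
```

The design choice worth noting is that the function never tries to "fix" a bad target; anything that is not a plain same-origin path or an http(s) URL on an allowlisted host is rejected, and the caller substitutes a safe default. Rewriting hostile input tends to reopen the hole (for example by stripping one "/" from "///evil.com" and leaving a protocol-relative URL behind).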