Typescript Cordova Open Redirect
Description
Detects potential open redirect vulnerabilities in Cordova applications where the InAppBrowser.open() API is called with untrusted input. This could allow attackers to redirect users to malicious websites through manipulation of the URL parameter.
Detection Strategy
• Check for calls to cordova.InAppBrowser.open in the application code
• Examine the first argument passed to the open() method
• Verify if the URL parameter comes from an untrusted source like user input
• Report a vulnerability if the URL parameter is not properly validated before being used
Vulnerable code example
// Demonstrates vulnerable Cordova InAppBrowser usage with unsanitized input
function openExternalLink() {
  const urlParams = new URLSearchParams(window.location.search);
  const targetUrl = urlParams.get('redirect');
  // VULNERABLE: Opens arbitrary URL from query parameter without validation
  cordova.InAppBrowser.open(targetUrl, '_blank');
}
✅ Secure code example
function openExternalLink() {
  const urlParams = new URLSearchParams(window.location.search);
  const targetUrl = urlParams.get('redirect');
  // Define allowed domains that are trusted
  const allowedDomains = ['trusted-domain.com', 'api.trusted-domain.com'];
  try {
    // SECURE: parse the value and open it only if its hostname is on the allowlist
    const parsed = new URL(targetUrl);
    if (allowedDomains.includes(parsed.hostname)) cordova.InAppBrowser.open(parsed.href, '_blank');
  } catch (e) { /* malformed or relative URL (new URL() throws): do not open */ }
}
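The following is an added example, not Fluid Attacks' own code nor the page's secure snippet; it goes beyond the plain hostname check by also pinning the scheme to https, rejecting embedded credentials and protocol-relative values, and keeping the InAppBrowser dependency injectable so the check can be unit-tested outside a Cordova runtime. The function names, the `browser` parameter and the allowlist values are hypothetical.

```javascript
// Constructed sample allowlist: exact hostnames only, no suffix matching.
const ALLOWED_HOSTS = ['trusted-domain.com', 'api.trusted-domain.com'];

// Returns the normalized URL string when it is safe to hand to
// cordova.InAppBrowser.open(), otherwise null.
function validateRedirectTarget(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string' || raw.trim() === '') return null;
  let parsed;
  try {
    // No base URL: relative and protocol-relative values ('//host/x') throw here.
    parsed = new URL(raw);
  } catch (e) {
    return null;
  }
  // Only https: rejects javascript:, data:, file: and http: downgrades.
  if (parsed.protocol !== 'https:') return null;
  // Reject userinfo tricks such as 'https://trusted-domain.com@other-host/'.
  if (parsed.username !== '' || parsed.password !== '') return null;
  // Exact match: 'trusted-domain.com.other-host' is not on the list.
  if (!allowedHosts.includes(parsed.hostname.toLowerCase())) return null;
  return parsed.href;
}

// Wrapper around InAppBrowser. `browser` is injected (hypothetical parameter)
// so the logic runs in tests; in the app pass cordova.InAppBrowser.
function openExternalLinkSafely(raw, browser) {
  const target = validateRedirectTarget(raw);
  if (target === null) {
    return false; // caller may log the rejected value for detection purposes
  }
  browser.open(target, '_blank');
  return true;
}
```

In the app the query value would come from `new URLSearchParams(window.location.search).get('redirect')` as in the snippets above.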