C Sharp Open Redirect Unvalidated Url
Description
Detects unvalidated URL redirects in C# applications where Response.Redirect is called with user-controlled input. This vulnerability could allow attackers to redirect users to malicious websites by manipulating the redirect URL parameter, potentially enabling phishing attacks.
Detection Strategy
• Identifies calls to Response.Redirect method in C# code
• Checks if the redirect URL parameter originates from user-controlled sources like request parameters or user connection data
• Reports a vulnerability when Response.Redirect is called with an unvalidated URL from user input
• Focuses on direct parameter passing without proper URL validation or sanitization checks
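The strategy above amounts to a small taint check: a source (a request parameter or similar user-controlled value) flowing into the sink Response.Redirect without passing through a validation step. The following Python script is an added illustration of that logic and is not Fluid Attacks' rule or any code from the page; the regular expressions, the list of source members, the validation-marker names (Uri.TryCreate, ALLOWED_DOMAINS, Array.Exists, IsLocalUrl) and the three C# snippets are all constructed for this example. It tracks taint through simple assignments within one method body, which goes slightly beyond the page's direct-parameter case.

```python
import re

# Sink: a call to Response.Redirect(...) ending a statement (also matches HttpContext.Current.Response.Redirect)
SINK_RE = re.compile(r"\bResponse\.Redirect\s*\((?P<arg>[^;]*)\)\s*;")
# Sources: members of the ASP.NET request object that carry user-controlled data (assumption: list chosen for this example)
SOURCE_RE = re.compile(r"\b(?:Request|request)\.(?:QueryString|Form|Params|Headers|Cookies|UserHostAddress|RawUrl)\b")
# Local assignments whose right-hand side may carry taint further
ASSIGN_RE = re.compile(r"\b(?:string|var)\s+(?P<name>\w+)\s*=\s*(?P<rhs>[^;]*);")
# Validation markers treated as sanitization when seen before the sink (assumption: names chosen for this example)
VALIDATION_RE = re.compile(r"\b(?:Uri\.TryCreate|IsLocalUrl|ALLOWED_DOMAINS|Array\.Exists)\b")


def _mentions(names, text):
    return any(re.search(rf"\b{re.escape(n)}\b", text) for n in names)


def find_unvalidated_redirects(method_source: str):
    """Scan one C# method body and return [(line_number, argument)] for every
    Response.Redirect call whose argument is user-controlled and no validation
    marker appeared earlier in the method."""
    tainted = set()      # local variable names that carry user input
    validated = False    # becomes True once a validation marker is seen
    findings = []
    for lineno, line in enumerate(method_source.splitlines(), start=1):
        if VALIDATION_RE.search(line):
            validated = True
        assign = ASSIGN_RE.search(line)
        if assign and (SOURCE_RE.search(assign.group("rhs")) or _mentions(tainted, assign.group("rhs"))):
            tainted.add(assign.group("name"))
        sink = SINK_RE.search(line)
        if sink:
            arg = sink.group("arg")
            if (SOURCE_RE.search(arg) or _mentions(tainted, arg)) and not validated:
                findings.append((lineno, arg.strip()))
    return findings


# Constructed C# snippets used as sample input
VULNERABLE_SAMPLE = """public void ProcessRedirect(HttpRequest request)
{
    string userInput = request.QueryString["url"];
    Response.Redirect("https://" + userInput);
}"""

INDIRECT_SAMPLE = """public void Go(HttpRequest request)
{
    var returnUrl = request.Params["returnUrl"];
    string target = returnUrl;
    Response.Redirect(target);
}"""

SAFE_SAMPLE = """public void ProcessRedirect(HttpRequest request)
{
    string userInput = request.QueryString["url"];
    bool allowed = Uri.TryCreate(userInput, UriKind.Absolute, out Uri target)
        && Array.Exists(ALLOWED_DOMAINS, d => d.Equals(target.Host, StringComparison.OrdinalIgnoreCase));
    Response.Redirect(allowed ? target.AbsoluteUri : "/");
}"""

if __name__ == "__main__":
    for label, sample in [("vulnerable", VULNERABLE_SAMPLE), ("indirect", INDIRECT_SAMPLE), ("safe", SAFE_SAMPLE)]:
        print(label, find_unvalidated_redirects(sample))
```

The validation check is deliberately coarse (a marker anywhere earlier in the method counts), so it errs on the side of fewer reports; a production rule would tie the check to the specific value reaching the sink rather than to the method as a whole.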
Vulnerable code example
    using System;
    using System.Web;
    // Inherits from Page so that the Response property used below resolves (the page's snippet omits this)
    public class VulnerableRedirect : System.Web.UI.Page
    {
        public void ProcessRedirect(HttpRequest request)
        {
            string userInput = request.QueryString["url"];
            // Vulnerable: direct use of user input in the redirect target without validation
            Response.Redirect("https://" + userInput);
        }
    }
✅ Secure code example
    using System;
    using System.Text.RegularExpressions;
    using System.Web;
    public class SafeRedirect : System.Web.UI.Page
    {
        private static readonly string[] ALLOWED_DOMAINS = { "trusted-domain.com", "other-safe-domain.com" };
        public void ProcessRedirect(HttpRequest request)
        {
            // Method body reconstructed here (the page's copy is truncated): redirect only when the host is allowlisted, otherwise to the site root
            string userInput = request.QueryString["url"];
            bool allowed = Uri.TryCreate(userInput, UriKind.Absolute, out Uri target)
                && Array.Exists(ALLOWED_DOMAINS, d => d.Equals(target.Host, StringComparison.OrdinalIgnoreCase));
            Response.Redirect(allowed ? target.AbsoluteUri : "/");
        }
    }