The web application sends a redirect to another location, but instead of exiting, it executes additional code.
Time of Introduction
Implementation
Common Consequences
Scope: Other, Confidentiality, Integrity, Availability
Effect: Technical Impact: Alter execution logic; Execute unauthorized code or commands
Detection Methods
Black Box
This issue might not be detected if testing is performed using a web
browser, because the browser might obey the redirect and move the user
to a different page before the application has produced outputs that
indicate something is amiss.
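The blind spot described above can be closed by inspecting the raw redirect response instead of following it. The following is an added example, not part of the original entry: a constructed WSGI handler in its weak and hardened forms, plus a check that flags a 3xx response that still carries output or side effects. The names admin_page, weak_app, fixed_app, probe, executes_after_redirect and ACTIONS are all hypothetical.

```python
from wsgiref.util import setup_testing_defaults

ACTIONS = []  # constructed stand-in for privileged side effects (e.g. a DB write)

def admin_page(environ, start_response, exit_after_redirect):
    """Hypothetical handler: redirects anonymous users to /login."""
    if environ.get("HTTP_COOKIE") != "session=admin":  # constructed auth check
        start_response("302 Found", [("Location", "/login")])
        if exit_after_redirect:
            return [b""]  # hardened form: stop as soon as the redirect is sent
        # weak form: no return here, so execution falls through
    else:
        start_response("200 OK", [("Content-Type", "text/plain")])
    ACTIONS.append("delete_user")  # privileged work meant for admins only
    return [b"user deleted"]

def weak_app(environ, start_response):
    return admin_page(environ, start_response, exit_after_redirect=False)

def fixed_app(environ, start_response):
    return admin_page(environ, start_response, exit_after_redirect=True)

def probe(app, cookie=None):
    """Call the app directly, the way a client that never follows redirects would."""
    environ = {"PATH_INFO": "/admin"}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = int(status.split()[0])
        seen["location"] = dict(headers).get("Location")
    before = len(ACTIONS)
    body = b"".join(app(environ, start_response))
    return {**seen, "body": body, "actions": ACTIONS[before:]}

def executes_after_redirect(result):
    """Flag a 3xx response that still produced output or side effects."""
    is_redirect = 300 <= result["status"] < 400
    return is_redirect and bool(result["body"] or result["actions"])

if __name__ == "__main__":
    for name, app in (("weak", weak_app), ("fixed", fixed_app)):
        r = probe(app)
        print(name, r["status"], r["location"], r["body"], executes_after_redirect(r))
```

A body on a 3xx response is a prompt for review rather than proof, since some frameworks attach a short notice to redirects. The side-effect check needs a hook into application state, which the ACTIONS list stands in for here.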
Weakness Ordinalities
Ordinality: Primary
Description: (where the weakness exists independent of other weaknesses)