The web application sends a redirect to another location, but instead of exiting, it executes additional code.
Alternate Terms
Redirect Without Exit
Time of Introduction
Implementation
Common Consequences
Scope
Effect
Other
Confidentiality
Integrity
Availability
Technical Impact: Alter execution
logic; Execute unauthorized code or
commands
This weakness could affect the control flow of the application and
allow execution of untrusted code.
Detection Methods
Black Box
This issue might not be detected if testing is performed using a web
browser, because the browser might obey the redirect and move the user
to a different page before the application has produced outputs that
indicate something is amiss.
Demonstrative Examples
Example 1
This code queries a server and displays its status when a request
comes from an authorized IP address.
(Bad Code)
Example
Language: PHP
$requestingIP = $_SERVER['REMOTE_ADDR'];
if(!in_array($requestingIP,$ipWhitelist)){
echo "You are not authorized to view this page";
http_redirect($errorPageURL);
}
$status = getServerStatus();
echo $status;
...
This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).
Description
