Why open redirect URLs?
I've been going through the OWASP top 10 to get a deeper understanding of each specific type of vulnerability. I've made my way to the last item, Unvalidated URL Redirects. I understand the attack; such a phishing scheme seems completely obvious now that I have read about it in OWASP. What I am struggling to understand is why this style of redirecting ever occurs in the first place.
There must be some advantage(s) to including the redirect URL as a parameter in the URL, i.e. example.com/go.php?url=newpage.php, rather than using many of the other possible redirect schemes. Even if the url parameter is generated dynamically, couldn't it still be sent through POST to prevent the creation of malicious URLs? Why does Google allow anyone to send "I'm Feeling Lucky" redirect URLs like this one that goes to Stack Overflow?
Comments (1)
This question is a bit old now, but I'll have a go at answering it for you anyway in case you're still curious, or forgot about it completely. :)
Here are the two most common use cases for adding redirect parameters that I can think of:
1. As a way of monitoring or warning users when they are leaving the site. On websites that want to track trends and user traffic, like Twitter with its URL shorteners, or Google with search tracking, this can be used to find out where users are going next. Websites might also scrutinize the URL and check to see if it's safe first, or just present the user with a 'leaving page' that warns them that they're leaving the domain.
2. To remember what a user's intention was before they were necessarily diverted. For instance, a user might have tried to go directly to their account page, but they need to be redirected to the login page to sign in first. Once this is successful, the user is directed back to the page they were originally trying to access, rather than a default page, aiding continuity.
In the second case, the intended URL could indeed be passed as a hidden parameter, or as a cookie. However, both of these techniques could still be vulnerable to abuse in the same way as OWASP identifies... except possibly where the URL is stored as a session variable on the server side.
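An added example (not from the question or the answer above) of the two defensive patterns the answer touches on: validating a `url`-style redirect parameter so it can only point back into the site, and, for the login case, keeping the intended destination in a server-side session rather than trusting it from the request. The host name example.com, the hostile host names in the docstring, and the in-memory session store are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed default used when a requested target is rejected.
DEFAULT_AFTER_LOGIN = "/account"

# Constructed in-memory stand-in for a real server-side session store.
_sessions = {}


def is_safe_local_target(target, allowed_host="example.com"):
    """Return True only if `target` stays on this site.

    Accepts a site-relative path such as "/account?tab=1", or an absolute
    http(s) URL whose host is exactly `allowed_host`. Rejects the usual
    ways of escaping to another origin: scheme-relative "//evil.test",
    backslashes (browsers normalise "/\\evil.test" to "//evil.test"),
    userinfo tricks ("https://example.com@evil.test/") and non-HTTP schemes.
    """
    if not target or "\\" in target:
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Purely relative: require exactly one leading slash.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # hostname ignores userinfo and port, so example.com@evil.test -> evil.test
    return parts.hostname == allowed_host


def resolve_redirect(target, allowed_host="example.com"):
    """The server-side check a go.php?url=... handler applies before redirecting."""
    if is_safe_local_target(target, allowed_host):
        return target
    return DEFAULT_AFTER_LOGIN


def remember_intended_target(session_id, target):
    """On an unauthenticated hit to a protected page: store the validated
    destination in the session, so the post-login hop never trusts the request."""
    _sessions.setdefault(session_id, {})["next"] = resolve_redirect(target)


def post_login_location(session_id):
    """After login: consume the stored destination once, else the default."""
    return _sessions.get(session_id, {}).pop("next", DEFAULT_AFTER_LOGIN)
```

Exact host matching is deliberate: a suffix or substring check would accept example.com.evil.test or example.com@evil.test.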