Wednesday, July 31, 2013

Avoid MVC Open Redirection attack

Open Redirection attack


Sample URL.
Scenario 1: Normal Login process
The first address, redirects users to the Home/Index after successful Login

1. http://www.codingtips.net/Account/login?ReturnUrl=/Home/Index

Scenario 2: Hacked /Tampered URL.
The second address redirects users to the Unknown website, it means the second address is manipulated by the hackers.

2. http://www.codingtips.net/Account/login?ReturnUrl=www.UnknownSite.com

Remedy: Prevent URL redirection to unknown site. If URL tampered it will always return to home page.

private ActionResult Redirect(string returnUrl)
        {
            if (Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }

 
Post a Comment