HTML Form found in redirect page security risk

To understand the title, let us see this example.

Assume that we have two pages as following:

  1. Admin Page (Only can accessible by login users)
  2. No Access Page (Redirect page to show the anonymous user that you don’t have access to admin page)

Admin page has the following critical information

Untitled

No Access page show the following message to anonymous user

Untitled

Now to prevent the anonymous user to access the admin page, I used the below code in the page load event to redirect the user to No access page using Response.RedirectLocation

Untitled

If you try to access the admin.aspx page using the browsers, then you will get this result

Untitled

But if you try to use tool like HTML Editor which belong to Acunetix then you will get the following result

Untitled

But why?

The reason for this vulnerability that Response.RedirectLocation doesn’t terminate the response because the above client tool is not based on Web behavior so no direction happened and we able to see the content of admin page.

To fix this issue, simply add Response.End() or instead of this , you can use Respose.Redirect which internally call Response.End() to stop processing the result

Untitled

For more details

http://www.acunetix.com/blog/articles/html-form-found-in-redirect-page/

Advertisements

One thought on “HTML Form found in redirect page security risk

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s