00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sonny Wear, and this is OWASP Top 10 for 2013.
00:13
A10, Unvalidated Redirects and Forwards. Now first, let's take a look at our definition from OWASP. Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.
00:32
Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
00:43
If we take a look at our OWASP chart, we can see that the attack vector exploitability in this category is average.
00:51
The technical impact is moderate.
00:55
Now, looking at the security weakness, it states the following:
00:59
Applications frequently redirect users to other pages or use internal forwards in a similar manner.
01:07
Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page.
01:18
Now the good news is detecting unchecked redirects is easy. Look for redirects where you can set the full URL. Unchecked forwards are harder, since they target internal pages.
01:33
Taking a look at some code samples, we have a couple from Java. First, in JSP code, you're going to find references to redirects in your response object, such as sendRedirect, and then a URL is passed there.
01:51
In the Google GWT class Window.Location, there is a replace method that takes in a string that
02:00
directs the user to a new URL. So in either of these cases,
02:06
if unvalidated data is passed to those location functions,
02:12
they can provide the opportunity
02:15
for our victims to be redirected to an attacker controlled website.
02:21
Now the PHP sample code we have is very similar in nature to the Java. Here we have some code that receives the value from the URL parameter and then immediately uses that value as it's assigned to a variable without doing
02:38
any kind of validation check.
02:43
Now the case study is on watering holes.
02:46
If you've never heard the term watering hole before, it's usually used to describe
02:53
an attacker controlled website
02:54
that is the landing page for redirected victims.
03:00
Now, in this article, the particular targeted websites were government agencies and banks,
03:09
and there were links on those pages that were actually replaced with a redirect attack. In other words, the location code didn't do any kind of validation. And so those links actually would forward to other watering holes.
03:30
In this particular case, the watering holes were actually websites that had very poor security.
03:37
The purpose of which, of course, is that once the victim lands on the watering hole site, meaning the website with less security, the attacker can then perform all sorts of various JavaScript injection attacks behind the scenes to perform cookie stealing and
03:57
various other attacks
03:59
that we've covered in our modules.