Description
An Insecure Redirect is an HTTP redirect that allows an arbitrary URL to be passed as the destination. Insecure Redirect vulnerabilities are often not recognized as a problem, since they do not directly impact the website they are found in. However, attackers can use them to send users to malicious hosts via a link that still appears to point at a trustworthy domain. Phishing attacks can also make use of insecure redirects to give the appearance of legitimacy.
After logging a user out, the application redirects the user to whatever value is passed in the 'redirect' URL parameter. This can be seen in the logout_view() function below.
from django.contrib.auth import logout
from django.shortcuts import redirect
from .models import Project  # assumed: the app's Project model

def logout_view(request):
    logout(request)
    # Vulnerable: the redirect destination is taken straight from user input.
    url = request.GET.get('redirect')
    if not url:
        url = '/taskManager/'
    project_list = Project.objects.order_by('-start_date')  # unused here
    return redirect(url)
Do we really need to take user input to determine their final location during logout? Remove any reference to a URL parameter in the GET request and always redirect the user to the TaskManager homepage.
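The fix above drops the parameter entirely, which is the right call for a logout view. Where a redirect parameter genuinely has to stay, the alternative is to accept only same-site paths and fall back to the homepage otherwise. The following is an added example, not code from the project, that shows that check with plain urllib (it assumes the '/taskManager/' default and the 'redirect' parameter name from the view above; in a real Django app, django.utils.http.url_has_allowed_host_and_scheme does the same job and should be preferred):

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/taskManager/"  # the homepage the logout view should land on


def safe_redirect_target(candidate, default=DEFAULT_TARGET):
    """Return candidate only if it is a path on this site; otherwise default.

    Rejects absolute URLs (any scheme), protocol-relative URLs ("//host"),
    and the backslash variant ("/\\host") that browsers treat as "//host".
    """
    if not candidate:
        return default
    # Browsers normalise backslashes to slashes, so do the same before parsing.
    normalized = candidate.strip().replace("\\", "/")
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:
        return default          # "http://evil.example/", "//evil.example/", "javascript:..."
    if not normalized.startswith("/") or normalized.startswith("//"):
        return default          # relative paths and "///host" forms are not trusted either
    return normalized


def logout_target(query_params):
    """Decision the hardened view would make, given the parsed GET parameters."""
    return safe_redirect_target(query_params.get("redirect"))


if __name__ == "__main__":
    # Constructed sample inputs: what a logout link might carry.
    for params in ({}, {"redirect": "/taskManager/dashboard/"},
                   {"redirect": "http://evil.example/"},
                   {"redirect": "/\\evil.example/"}):
        print(params, "->", logout_target(params))
```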
While using the application, look for any obvious input points which may be parsed by the application for redirecting a user (e.g. 'return_to' URL parameter).