# Open Redirect

Category: Code Protection

Open Redirect vulnerabilities allow attackers to use legitimate web apps for [phishing](https://en.wikipedia.org/wiki/Phishing) campaigns. Users may receive a link in an email to your web app, follow it, then find themselves redirected to a malicious site without warning.

Here is an example vulnerability in a Ruby on Rails app:

```ruby
def get
  redirect_to params[:redirect]
end
```

This trivial action could be used to redirect users to a different app on a different domain after logging into a service. For example, after a successful login the browser may be directed to go to `http://login.example.com/?redirect=http%3A%2F%2Fhome.example.com`, which would redirect the browser to `http://home.example.com`.

However, this trivial action could also allow a URL like `http://login.example.com?redirect=http%3A%2F%2Fhackers.net`, which would redirect to the malicious `http://hackers.net` domain. The malicious URL could be sent to unsuspecting users of example.com as part of a phishing campaign.

IMMUNIO protects your app by learning the location where redirects are sent, and then ensuring future redirects are sent to the same location.

## Mitigation

When IMMUNIO detects a redirect to a different location than expected while in blocking mode, it will block the request and return a 403 Unauthorized status code.

## FAQ

### How does IMMUNIO handle different redirects within my app?

IMMUNIO learns the expected location of redirects for each redirect action in the app code. Different redirect actions may go to different locations.
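The action above passes `params[:redirect]` straight to `redirect_to`. The following is an added example, not code from this page or from IMMUNIO, of how an application can validate the target itself in plain Ruby before redirecting: only same-origin paths and absolute `http(s)` URLs whose host is on an allowlist are accepted, and everything else falls back to a fixed path. The host list, the helper name `safe_redirect_target` and the fallback path are assumptions for the example; the rejected inputs it handles (protocol-relative URLs, userinfo tricks, non-http schemes) are the common ways a naive "does it start with a slash / does it contain our domain" check gets bypassed.

```ruby
require "uri"

# Hosts this app may redirect to (constructed example values, not from the page).
ALLOWED_HOSTS = %w[login.example.com home.example.com].freeze

# Where to send the user when the requested target is not acceptable.
FALLBACK_PATH = "/".freeze

# Returns a redirect target that is safe to hand to redirect_to, or FALLBACK_PATH.
#
# Accepted:
#   - same-origin relative paths such as "/account" or "/?page=2"
#   - absolute http/https URLs whose host is in allowed_hosts
# Rejected (all return FALLBACK_PATH):
#   - empty/nil values and anything URI.parse cannot parse
#   - protocol-relative targets ("//hackers.net") and backslash variants ("/\hackers.net"),
#     which browsers treat as absolute URLs even though they "start with a slash"
#   - URLs with userinfo ("http://home.example.com@hackers.net"), where a substring
#     check for the trusted domain would pass but the browser goes to hackers.net
#   - non-http schemes such as "javascript:" or "data:"
def safe_redirect_target(param, allowed_hosts: ALLOWED_HOSTS)
  return FALLBACK_PATH if param.nil? || param.strip.empty?

  raw = param.strip
  return FALLBACK_PATH if raw.start_with?("//", "/\\", "\\")

  uri = begin
    URI.parse(raw)
  rescue URI::InvalidURIError
    return FALLBACK_PATH
  end

  # No scheme and no host: a relative reference. Require a leading "/" so the
  # browser resolves it against this origin.
  if uri.scheme.nil? && uri.host.nil?
    return raw.start_with?("/") ? raw : FALLBACK_PATH
  end

  return FALLBACK_PATH unless %w[http https].include?(uri.scheme&.downcase)
  return FALLBACK_PATH if uri.userinfo
  return FALLBACK_PATH unless allowed_hosts.include?(uri.host&.downcase)

  raw
end

# Hardened form of the page's action (hypothetical controller, shown for shape only):
#
#   def get
#     redirect_to safe_redirect_target(params[:redirect])
#   end

if __FILE__ == $PROGRAM_NAME
  [
    "/account",
    "http://home.example.com",
    "http://hackers.net",
    "//hackers.net",
    "http://home.example.com@hackers.net/",
    "javascript:alert(1)"
  ].each { |t| puts "#{t.inspect} -> #{safe_redirect_target(t).inspect}" }
end
```

Matching on the parsed host rather than on a substring of the raw string is the point of the example: `http://home.example.com@hackers.net/` contains the trusted domain but its host is `hackers.net`. Rails 7.0 and later also refuse cross-host redirects by default (`redirect_to` raises unless `allow_other_host: true` is passed), which is a useful second line behind application-level validation like this.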