[Owasp-leaders] A query regarding Unvalidated redirect

Ankush Mohanty ankush.mohanty at owasp.org
Wed Jan 3 17:22:43 UTC 2018


Dear leaders,

One of my colleagues got an issue on a *302 found* response. He just
replaced the *Location* parameter with an external domain (www.google.com)
and redirected to the external domain without hesitation. According to
OWASP Top 10 2012 A10 (Am I vulnerable... point no 2) it should be a
vulnerability.


Attaching the screenshot of the 302 response. Please let me know whether I
am correct or not.


Thanks & Regards
Ankush Mohanty
-- 
Thanks and Regards
Ankush Mohanty
Cuttack Chapter Lead
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IMG_2132.jpg
Type: image/jpg
Size: 1692428 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20180103/2f5a7e7a/attachment-0001.jpg>
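
An added example, not part of the original message: a check a reviewer could run over a captured request/response pair to see whether the external host in a redirect's `Location` header was supplied by a request parameter, which is the server-side behaviour the unvalidated-redirect category is about. The function names, the `app.example.test` host and the sample pairs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def _host(value):
    """Lower-cased host of a URL-like string, or '' if it has none."""
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        return (parts.hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return ""


def request_controlled_redirect(request_url, status, location, trusted_hosts):
    """Return the query parameters whose value names the untrusted
    host that the response redirects to (empty list if none)."""
    if status not in REDIRECT_STATUSES or not location:
        return []
    target = _host(location)
    if not target or target in trusted_hosts:
        return []  # relative or same-site redirect
    query = urlsplit(request_url).query
    return [name for name, value in parse_qsl(query) if _host(value) == target]


# Constructed request/response pairs (assumed application host).
TRUSTED = {"app.example.test"}
SAMPLES = [
    # Target host comes from the "next" parameter: the server must validate it.
    ("https://app.example.test/login?next=https://www.google.com/",
     302, "https://www.google.com/"),
    # External Location with no request parameter behind it.
    ("https://app.example.test/login?user=bob",
     302, "https://www.google.com/"),
    # Relative redirect stays on the site.
    ("https://app.example.test/login?next=/dashboard",
     302, "/dashboard"),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        params = request_controlled_redirect(url, status, location, TRUSTED)
        print(location, "<-", params or "no request parameter")
```
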

