I am scanning my application with checkmark; there, a few of the strings are getting reported as a Reflected XSS vulnerability with a high-level security issue.

Below is an example of the vulnerability:
String fromURL = "https://www.mySite.com?id=7878&name=uname";
Response.Redirect(fromURL);

What I have tried:

I have tried using HttpUtility.HtmlEncode:
String fromURL = "https://www.mySite.com?id=7878&name=uname";
Response.Redirect(HttpUtility.HtmlEncode(fromURL));


Could you please assist with this type of URL vulnerability?
Posted
Updated 28-Aug-20 21:14pm
Comments
F-ES Sitecore 27-Aug-20 10:38am
If that is genuinely your code then there is no vulnerability there so you should use the appropriate attributes to have your code checker ignore that error for that bit of code. If that isn't actually the exact code, or the vulnerability is actually elsewhere (like "/" on mysite.com), then we can't help you fix vulnerabilities in code you haven't shown us so you will need to update your question to show the actual code.
DGKumar 27-Aug-20 15:35pm
Hi,
https://www.mySite.com?id=7878&name=uname
After encoding the above URL I am getting the below URL:
https%3A%2F%2Fwww.mySite.com%3Fid%3D7878%26name%3Duname
Sandeep Mewara 27-Aug-20 15:44pm
By any chance, are you on ASP.NET MVC 1 or 2?
Sandeep Mewara 27-Aug-20 15:45pm
Also,
Is the above redirect URL exactly the one where the XSS vulnerability is being raised, or is it a different URL?

1 solution

Have a look at this: Unvalidated Redirects and Forwards - OWASP Cheat Sheet Series

Section "Dangerous URL Redirects"
Quote:
ASP .NET MVC 1 & 2 websites are particularly vulnerable to open redirection attacks. In order to avoid this vulnerability, you need to apply MVC 3.

The code for the LogOn action in an ASP.NET MVC 2 application is shown below. After a successful login, the controller returns a redirect to the returnUrl. You can see that no validation is being performed against the returnUrl parameter.


Section "Safe URL redirect":
Quote:
Response.Redirect("~/folder/Login.aspx")


Details: Preventing Open Redirection Attacks (C#) | Microsoft Docs
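To make the "safe URL redirect" idea concrete, here is an added example (not code from the question, the answer, or the linked documents) of a redirect guard for classic ASP.NET: it accepts only site-local paths or an allow-listed host, so the finding is fixed by validating the target rather than by HtmlEncode, which is an HTML-context encoder and does not apply to a Location header. The class name, the AllowedHosts list and the fallback page are assumptions for illustration; on MVC 3 and later the built-in Url.IsLocalUrl serves the same purpose for local paths.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example: redirect guard that only allows local paths or trusted hosts.
// SafeRedirect, AllowedHosts and the fallback page are assumed names/values.
public static class SafeRedirect
{
    // Hosts this application may redirect to (assumed value for the example).
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.mysite.com" };

    // True only for targets that stay inside the application
    // (e.g. "/folder/Login.aspx") or point at an allow-listed host.
    public static bool IsSafeTarget(string url)
    {
        if (string.IsNullOrWhiteSpace(url)) return false;

        // Reject protocol-relative ("//other.example") and "/\" forms;
        // browsers resolve both to a different site.
        if (url.StartsWith("//") || url.StartsWith("/\\")) return false;

        // A single leading "/" is a site-local path: keep it.
        if (url.StartsWith("/")) return true;

        Uri target;
        if (!Uri.TryCreate(url, UriKind.Absolute, out target)) return false;

        // Only http(s) to a trusted host; this also blocks non-web schemes.
        bool webScheme = target.Scheme == Uri.UriSchemeHttp
                      || target.Scheme == Uri.UriSchemeHttps;
        return webScheme && AllowedHosts.Contains(target.Host);
    }

    // Redirect when the target passes the check; otherwise send the user to
    // a fixed local page instead of wherever the parameter pointed.
    public static void RedirectIfSafe(HttpResponse response, string url)
    {
        string destination = IsSafeTarget(url) ? url : "~/folder/Login.aspx";
        response.Redirect(destination, false);
    }
}
```

With this guard, the asker's URL (https://www.mySite.com?id=7878&name=uname) passes because its host is allow-listed, while a value pointing at any other host or scheme falls back to the local login page.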
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)