Hey, I know this has been discussed before, but this issue is now in the OWASP top ten web application vulnerabilities: https://www.owasp.org/index.php/Top_10_2010-A10 . The vulnerability is the feature ?_next=<SITE>. One way this could be exploited, according to the vulnerability description, is that an attacker gives out a link to the login page of your site; an uninformed user attempts to log in and on success gets redirected to the phishing site. On said site the attacker makes it look the same and shows the form error "invalid credentials"; the user attempts to log in again and gets redirected to the valid site. Now the attacker has the user's credentials and a way into the site. A suggested solution is, by default, to only allow _next to redirect to a site within the application, and to have a config file or variable which contains a whitelist of sites that are allowed to be redirected to.
-Eric
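One way to implement the check suggested above, as an added example in Python (web2py's language) that is not part of the original post or of web2py itself; the `ALLOWED_REDIRECT_HOSTS` variable, its contents and the `safe_next` helper are assumptions, standing in for whatever config file or variable holds the whitelist:

```python
from urllib.parse import urlsplit

# Constructed example: external hosts that _next may redirect to besides the
# application itself.  Assumed name; in practice this is loaded from a config
# file or variable rather than hard-coded.
ALLOWED_REDIRECT_HOSTS = {"sso.example.com"}

def safe_next(next_value, default="/", allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """Return a redirect target that stays inside the application or points
    at a whitelisted host over https; anything else falls back to ``default``.
    """
    if not next_value:
        return default
    # Some browsers treat "/\evil.example" like "//evil.example", so normalise
    # backslashes before parsing instead of trusting the raw string.
    candidate = next_value.replace("\\", "/")
    # Whitespace and control characters have no place in a redirect target and
    # can confuse URL parsers or header handling; reject outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute (or scheme-relative) URL: only https to a whitelisted host.
        # ``hostname`` ignores any user@ prefix and port, so a userinfo trick
        # such as "https://good@evil.example/" is judged by "evil.example".
        if parts.scheme != "https":
            return default
        if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
            return default
        return candidate
    # Relative target: require an absolute path with exactly one leading "/",
    # which keeps the browser on the application's own host.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate
```

Call `safe_next(request.vars._next)` before issuing the redirect, and the phishing-site target from the post collapses to the application's default page instead of leaving the site.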