Open redirection

About open redirects.

Open redirection (reflected) - PortSwigger

What is an open redirect?

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.

In other words, an open redirect makes phishing easier.

Countermeasures

  • Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
  • Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

How to handle it in Ruby

An allow-list implementation in Ruby looks like this.

require "uri"

# Hosts the application is willing to redirect to (the allow list).
allowed_urls = [
  "secureflag.com",
  "owasp.secureflag.com",
]

# Only the host component is compared, so an allowed name appearing in the
# userinfo, path or query of the supplied URL does not pass the check.
parsed_host = URI.parse(params[:url]).host

# Reject anything whose host is not on the list.
# ActionController::RoutingError requires a message argument.
unless allowed_urls.include?(parsed_host)
  raise ActionController::RoutingError, "Not Found"
end
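The snippet above covers the basic host check. The following is an added example (my own code, not SecureFlag's or PortSwigger's) that runs outside Rails and shows both countermeasures from the list: a host allow list that also handles the inputs the plain check does not (malformed URLs, non-http schemes, protocol-relative "//host", mixed-case hosts, a look-alike name in the userinfo or as a parent-domain suffix), and a server-side table where the client passes a key instead of a URL. The hostnames, the target keys and the sample inputs are constructed values; the two function names are mine.

```ruby
require "uri"

# Hosts the application is willing to redirect to (constructed sample values).
ALLOWED_HOSTS = %w[secureflag.com owasp.secureflag.com].freeze

# Second countermeasure: the client sends a key into this server-side table
# rather than a URL, so the target can never be attacker-supplied.
REDIRECT_TARGETS = {
  "home"  => "https://secureflag.com/",
  "owasp" => "https://owasp.secureflag.com/",
}.freeze

# First countermeasure, host allow list. Returns the URL string when it is an
# absolute http(s) URL whose host is on the list, nil for everything else.
# The caller redirects to a safe default page when nil comes back.
def safe_redirect_url(candidate)
  return nil if candidate.nil? || candidate.strip.empty?

  uri = URI.parse(candidate)
  # Only absolute http/https is accepted: "//evil.example/" and "javascript:"
  # both parse as URI::Generic, not URI::HTTP (URI::HTTPS is a subclass).
  return nil unless uri.is_a?(URI::HTTP)
  # URI.parse keeps the host's case as written, so compare case-insensitively.
  # A look-alike in the userinfo ("https://secureflag.com@evil.example/") or a
  # parent-domain suffix ("secureflag.com.evil.example") fails the exact match.
  return nil unless ALLOWED_HOSTS.include?(uri.host.to_s.downcase)

  uri.to_s
rescue URI::InvalidURIError
  # Backslashes, spaces and other characters outside the URI grammar end up here.
  nil
end

# Index-based variant: an unknown key yields nil, so the caller can still fall
# back to the default page instead of raising.
def redirect_url_for_key(key)
  REDIRECT_TARGETS[key]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, each with the outcome the validator should give.
  samples = [
    "https://secureflag.com/login",            # allowed
    "https://owasp.secureflag.com/",           # allowed
    "https://SECUREFLAG.COM/",                 # allowed (case-insensitive host)
    "https://secureflag.com@evil.example/",    # rejected: allowed name in userinfo
    "https://secureflag.com.evil.example/",    # rejected: allowed name as suffix
    "//evil.example/",                         # rejected: protocol-relative
    "javascript:alert(1)",                     # rejected: non-http scheme
    "https://evil.example/\\@secureflag.com",  # rejected: invalid URI character
  ]
  samples.each { |s| puts "#{s.inspect} => #{safe_redirect_url(s).inspect}" }
  puts "key \"home\" => #{redirect_url_for_key("home").inspect}"
  puts "key \"other\" => #{redirect_url_for_key("other").inspect}"
end
```

In a Rails controller the caller would be something like `redirect_to(safe_redirect_url(params[:url]) || root_path)`; the point of returning nil rather than raising is that the user still lands on a safe page instead of a 500. Exact host matching is deliberate: a suffix or substring comparison is what lets `secureflag.com.evil.example` through.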

Open Redirect in Ruby | SecureFlag Security Knowledge Base