The web application sends a redirect to another location, but instead of exiting, it executes additional code.
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
CVE: CVE-2013-1402
Execution-after-redirect allows access to application configuration details.
CVE: CVE-2009-1936
Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
CVE: CVE-2007-2713
Remote attackers can obtain access to administrator functionality through EAR.
CVE: CVE-2007-4932
Remote attackers can obtain access to administrator functionality through EAR.
CVE: CVE-2007-5578
Bypass of authentication step through EAR.
CVE: CVE-2007-2713
Chain: Execution after redirect triggers eval injection.
CVE: CVE-2007-6652
Chain: execution after redirect allows non-administrator to perform static code injection.
| Phase | Note |
|---|---|
| Implementation | N/A |
Intro: This code queries a server and displays its status when a request comes from an authorized IP address.
Body: This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).
```php
$requestingIP = $_SERVER['REMOTE_ADDR'];
if (!in_array($requestingIP, $ipAllowList)) {
    echo "You are not authorized to view this page";
    http_redirect($errorPageURL);   // redirect is sent, but the script keeps running
}
$status = getServerStatus();        // still executed for unauthorized clients
echo $status;                       // status leaks into the response body
...
```
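As an added example (not code from this CWE entry), the same gate written so the redirect ends the request; `$ipAllowList`, `$errorPageURL` and `getServerStatus()` are stand-ins constructed here because the page leaves them undefined, and core `header()` plus `exit` replaces the PECL `http_redirect()`.

```php
<?php
// Constructed stand-ins for values the CWE example leaves undefined.
$ipAllowList  = ['10.0.0.5', '192.168.1.20'];
$errorPageURL = '/error.php';

function getServerStatus(): string
{
    // Stand-in for the real status query of the monitored server.
    return 'OK';
}

// Send the redirect and terminate: nothing after this call can run,
// so an unauthorized client receives only the 302 and an empty body.
function denyAndRedirect(string $url): void
{
    header('Location: ' . $url, true, 302);
    exit;
}

$requestingIP = $_SERVER['REMOTE_ADDR'] ?? '';
if (!in_array($requestingIP, $ipAllowList, true)) {
    denyAndRedirect($errorPageURL);
}

// Reached only by allow-listed clients; the status query never runs
// for anyone else, which also removes the DoS vector the text mentions.
echo getServerStatus();
```

To confirm the fix, request the page from an address outside the allow list and check that the response is the redirect alone, with no status text in the body.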