Possible Header Injection and Open Redirect
-
Hey,
Your plugin is vulnerable to HTTP Header Injection (https://www.owasp.org/index.php/HTTP_Response_Splitting) and Open Redirect (https://www.owasp.org/index.php/Open_redirect).
To prevent first one you should filter $url and remove all new line characters (\r, \n) before sending data to header().
To prevent 2nd, you could use at least some simple hash and put it in the URL.
Hash could be md5($url + $secret), where $secret should be some value unique for every wordpress installation (eg. configured by developer).
(more secure way is to create unique, random hash for every url and save it to db)Cheers,
Kacper.
Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
- The topic ‘Possible Header Injection and Open Redirect’ is closed to new replies.
