堆栈内存溢出
  简体   繁体   English

HttpUtility.UrlEncode()是否可以阻止Open Redirect攻击?

[英]Could HttpUtility.UrlEncode() prevent Open Redirect attack?

 原文  2017-11-14 08:26:40       asp.net/ asp.net-mvc/ security/ urlencode

问题描述

I am checking a ASP.net MVC project for the security issues. 我正在检查ASP.net MVC项目中的安全性问题。

I found some code like the following, I am wondering is UrlEncode() preventing open redirect issue? 我发现了类似以下的代码,我想知道UrlEncode()防止打开重定向问题? 

public ActionResult Redirect(string url)
{
   return Redirect(HttpUtility.UrlEncode(url));
}

1 个解决方案

解决方案1
 0  2018-01-01 17:57:00

No,Of course not! 不,当然不!

Open Redirection is basically allowing an attacker to redirect a victim to an unsafe/malicious page because of a missing URL authentication. 开放式重定向基本上是允许攻击者由于缺少URL身份验证而将受害者重定向到不安全/恶意的页面。

Encoding the Url won't help.. At all. 编码网址无济于事。

To be able to prevent it you can see my answer on this thread: 为了防止这种情况,您可以在此线程上看到我的答案:

https://stackoverflow.com/a/48051915/7827699 https://stackoverflow.com/a/48051915/7827699

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 HttpUtility.UrlEncode防止SQL注入 - HttpUtility.UrlEncode to prevent SQL inject HttpUtility.UrlEncode不编码单引号 - HttpUtility.UrlEncode not encoding single quotes HttpUtility.UrlEncode 和 Application_Start - HttpUtility.UrlEncode and Application_Start HttpUtility.UrlEncode不对+等字符进行编码 - HttpUtility.UrlEncode does not encode characters like + Server.UrlEncode与HttpUtility.UrlEncode - Server.UrlEncode vs. HttpUtility.UrlEncode 如何阻止HttpUtility.UrlEncode()从+更改为空格? - How to stop HttpUtility.UrlEncode() from changing + to space? 为什么HttpUtility.UrlEncode(HttpUtility.UrlDecode(“%20”))返回+而不是%20? - Why does HttpUtility.UrlEncode(HttpUtility.UrlDecode(“%20”)) return + instead of %20? ASP.NET MVC可以防止Open Redirect安全问题 - Could ASP.NET MVC prevent Open Redirect security issue System.Web.HttpUtility.UrlEncode / UrlDecode ASP.NET 5的替换 - Replacement for System.Web.HttpUtility.UrlEncode/UrlDecode ASP.NET 5 防止XSS攻击 - Prevent XSS attack
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM