Detectify
Knowledge Base

Back to Knowledge Base

Support Center

Execution After Redirect (EAR)

Last Updated: Jul 25, 2016 11:50AM CEST

A redirect can be ignored by an attacker, so it’s very important to refrain from sending sensitive data that an attacker can get hold of by just ignoring the redirect.

What can happen?

The consequences of Execution After Redirect vary from case to case, which is why it is difficult to determine a general level of threat. An example of usage from the attacker's perspective is to access a page intended just for logged in users, which could result in all kinds of sensitive data being disclosed.

Example of Execution After Redirect

<?php

    if (!$loggedin) {
        header('location: login.php');
    }

    echo "This should only be shown to logged in users.";

?>

This code will send the redirect, but also the data intended just for logged in users, which visitors won’t see. The attacker, however, can choose to ignore the redirect and by doing so be able to read the data intended for logged in users.

Remediation

You need to somehow get the script to not send the sensitive data after the redirect. In PHP this can be done by simply include a die(); after the redirect.

<?php

    if (!$loggedin) {
        header('location: login.php');
        die(); // this makes sure nothing more is sent
    }

    echo "This should only be shown to logged in users.";

?>

The script will detect that the attacker isn’t logged in and redirect them to login.php. It will then execute die(); which stops the continued execution of the page and prevents any more data from being sent.

Resources

Related articles

support@detectify.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete