Execution After Redirect
Variants: Direct
Also Known As: EAR
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Authentication Enforcement, Privilege Validation
Invented In: 01/12/2010
Added In: 05/12/2014
Vector Operation Method:
Attackers can execute seemingly protected modules in the application, ignoring the redirects designed to protect those modules from unauthorized access, by accessing or re-accessing the modules with the input parameters relevant to the code execution and hoping the operations will be executed DESPITE the redirects, because the code is never actually terminated. These attacks can enable attackers to gain access to, and even affect, authenticated, privileged or otherwise sensitive content.
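The missing termination described above, shown as a handler next to its corrected form, with a regression check that flags the flaw. This is an added example, not code from the original entry; the `Response` class, handler names and account data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""

    def redirect(self, location):
        # Only sets response fields. It does NOT stop the calling handler,
        # which is the root cause of Execution After Redirect.
        self.status = 302
        self.headers["Location"] = location


def delete_account_vulnerable(session, params, accounts):
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")              # no return: execution continues
    accounts.discard(params["user"])         # privileged operation still runs
    resp.body = f"deleted {params['user']}"  # and content rides in the 302 body
    return resp


def delete_account_fixed(session, params, accounts):
    resp = Response()
    if not session.get("is_admin"):
        resp.redirect("/login")
        return resp                          # terminate right after the redirect
    accounts.discard(params["user"])
    resp.body = f"deleted {params['user']}"
    return resp


def ear_regression_check(handler):
    """Call the handler unauthenticated; True only if the redirect was safe."""
    accounts = {"alice", "bob"}              # constructed sample state
    before = set(accounts)
    resp = handler({}, {"user": "alice"}, accounts)
    # Safe means: redirected, no state change, and nothing in the body.
    return resp.status == 302 and accounts == before and resp.body == ""


if __name__ == "__main__":
    for h in (delete_account_vulnerable, delete_account_fixed):
        verdict = "ok" if ear_regression_check(h) else "EAR: ran after redirect"
        print(f"{h.__name__}: {verdict}")
```

A browser follows the 302 and hides the problem, so the check inspects server-side state and the response body instead of relying on the status code.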