Execution After Redirect
Also Known As:
Authentication Enforcement, Privilege Validation
Vector Operation Method:
Attackers can execute seemingly protected modules in an application while ignoring the redirects designed to protect those modules from unauthorized access. They access or re-access these modules with the input parameters relevant to the code's execution, hoping that the operations will be executed despite the redirects because the code does not actually terminate after issuing them. These attacks can enable attackers to gain access to, and even affect, authenticated, privileged or otherwise sensitive content.
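
The missing termination described above, as an added example that is not part of the original page: a handler that issues a redirect but keeps running, next to the corrected form, plus a regression check that flags the difference. The response object, the handler names and the in-memory store are constructed stand-ins, not a real framework's API.

```javascript
// Constructed stand-in for a framework response object (assumption, not a real API).
// redirect() only records the status and Location header; it cannot stop the caller.
function makeResponse() {
  return {
    status: 200,
    location: null,
    body: "",
    redirect(url) { this.status = 302; this.location = url; },
    send(text) { this.body += text; },
  };
}

// Vulnerable form: the redirect is sent, but execution falls through
// to the privileged operation because nothing ends the handler.
function deleteAccountVulnerable(req, res, store) {
  if (!req.session.isAdmin) {
    res.redirect("/login");
  }
  store.delete(req.params.user);
  res.send("deleted " + req.params.user);
}

// Hardened form: the handler terminates immediately after the redirect.
function deleteAccountFixed(req, res, store) {
  if (!req.session.isAdmin) {
    res.redirect("/login");
    return;
  }
  store.delete(req.params.user);
  res.send("deleted " + req.params.user);
}

// Regression check: replay an unprivileged request (constructed sample) and
// report whether anything happened besides the redirect itself.
function checkHandler(handler) {
  const store = new Set(["alice", "bob"]);
  const res = makeResponse();
  const req = { session: { isAdmin: false }, params: { user: "alice" } };
  handler(req, res, store);
  return {
    redirected: res.status === 302 && res.location === "/login",
    stateChanged: !store.has("alice"), // privileged side effect ran anyway
    bodyLeaked: res.body.length > 0,   // protected output sent with the 302
  };
}

console.log("vulnerable:", checkHandler(deleteAccountVulnerable));
console.log("fixed:     ", checkHandler(deleteAccountFixed));
```

Both handlers answer with the same redirect, so the check has to look at server-side state and the response body rather than the status code alone.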