Which vulnerability occurs when a web application forwards a user to another resource without proper validation, potentially bypassing access controls?

Multiple Choice

Which vulnerability occurs when a web application forwards a user to another resource without proper validation, potentially bypassing access controls?

Explanation:
The main idea here is unvalidated redirects and forwards. When a web application takes a destination from user input and then redirects or forwards the user to that destination without validating it, an attacker can control where the user ends up. This can be dangerous in several ways: it can send users to an external site that looks legitimate (phishing) while they remain logged in, or it can point to a resource the app should restrict access to, effectively bypassing the intended flow if the destination isn’t properly checked.

Why this is the best answer: if the app trusts a user-supplied target and sends the user there automatically, you lose control over navigation. The destination becomes a lever for abuse, especially when the app creates a seamless experience by staying within a trusted domain while forwarding to a malicious site or an unintended resource. The risk increases when redirects are used for login flows or post-authentication navigation, because the user believes they are staying within the legitimate site.

Helpful context: to prevent this, validate redirect targets against a whitelist of allowed domains or paths, avoid redirects to external sites when possible, and perform authorization checks on the final resource instead of relying solely on the redirect. Consider using relative redirects, or showing an intermediate confirmation page if an external redirect is truly necessary.

Why the other options don’t fit: cookie snooping involves intercepting cookies, not navigation decisions; deserialization vulnerabilities deal with processing serialized data that could lead to code execution; insufficient transport layer protection refers to missing encryption (like not using TLS) rather than how navigation targets are chosen.