How to fix Request.QueryString open redirect issue in asp.net

  • Question

  • User42464830 posted
    I am trying to fix the open redirect issue from Fortify for the below lines of code:
        public string Reference
        {
            get
            {
                string reference = null;
                if (Request.QueryString["reference"] != null)
                    reference = Request.QueryString["reference"].ToString();
                return reference;
            }
        }
    

    Tried to set some validation while using it like:

        if (Int32.TryParse(this.StatusCode.ToString(), out int val) && !string.IsNullOrEmpty(this.Reference))
            this.Response.Redirect(
                string.Format("fSometail.aspx?reference={0}&statuscode={1}&recurring={2}",
                    this.Reference, val, this.Recurring ? 1 : 0),
                true);


    But it is still not resolved. Please let me know if anyone knows the fix for this.

    Here is what Fortify says: In this case, the URL the client will be redirected to is accepted at get_QueryString() in fsomepage.aspx.cs at line 356.

    Tuesday, April 20, 2021 11:52 AM
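
One way to constrain the query-string value before it reaches Response.Redirect, shown as an added example that is not part of the original post. The class and method names and the allowed reference format (1 to 64 letters, digits, '-' or '_') are assumptions; only fSometail.aspx and the three parameter names come from the question.

```csharp
using System;
using System.Globalization;
using System.Text.RegularExpressions;

// Added example. DetailRedirect and TryBuildUrl are hypothetical names.
public static class DetailRedirect
{
    // Assumption: a valid reference is 1-64 letters, digits, '-' or '_'.
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    private static readonly Regex ReferencePattern =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    // The destination page is a constant; request data never selects it.
    private const string TargetPage = "fSometail.aspx";

    public static bool TryBuildUrl(string reference, int statusCode, bool recurring, out string url)
    {
        url = null;
        if (reference == null || !ReferencePattern.IsMatch(reference))
            return false;   // fail closed: the caller should not redirect

        // Encode the value so it remains a single query-string value.
        url = string.Format(CultureInfo.InvariantCulture,
            "{0}?reference={1}&statuscode={2}&recurring={3}",
            TargetPage, Uri.EscapeDataString(reference), statusCode, recurring ? 1 : 0);
        return true;
    }

    // In the page this would be used as:
    //   if (DetailRedirect.TryBuildUrl(this.Reference, val, this.Recurring, out string url))
    //       this.Response.Redirect(url, true);
    public static void Main()
    {
        // Constructed sample inputs: one well-formed reference, then values
        // that the pattern rejects.
        string[] samples = { "INV-2021-0042", "http://example.test/", "//example.test", "a&statuscode=9", null };
        foreach (string s in samples)
        {
            string url;
            Console.WriteLine(TryBuildUrl(s, 200, true, out url)
                ? "redirect -> " + url
                : "rejected: " + (s ?? "(null)"));
        }
    }
}
```

The original check with string.IsNullOrEmpty only proves the value is present; the allow-list pattern plus encoding is what limits what the value can contain.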

All replies