String fromURL= "https://www.mySite.com?id=7878&name=uname"; Response.Redirect(HttpUtility.HtmlEncode(fromURL));
Quote:ASP .NET MVC 1 & 2 websites are particularly vulnerable to open redirection attacks. In order to avoid this vulnerability, you need to apply MVC 3. The code for the LogOn action in an ASP.NET MVC 2 application is shown below. After a successful login, the controller returns a redirect to the returnUrl. You can see that no validation is being performed against the returnUrl parameter.
Quote:Response.Redirect("~/folder/Login.aspx")
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)