Bitrix open redirect - Vulnerability Database

Bitrix open redirect

Description

The Bitrix web application framework contains an open redirect vulnerability that allows attackers to craft malicious URLs that redirect users to arbitrary external websites. When users click these specially crafted links, they are redirected from the legitimate Bitrix-based website to an attacker-controlled destination. This vulnerability exists because the application fails to properly validate redirect destinations before performing the redirection.

Remediation

Apply the following remediation steps to address this vulnerability:

1. Upgrade Bitrix: Update to the latest stable version of Bitrix that addresses this vulnerability. Check the official Bitrix release notes for security patches.

2. Implement redirect validation: If immediate upgrading is not possible, implement server-side validation for all redirect parameters:

<?php
// Example: validate redirect URLs against an allowlist of hosts
$allowedDomains = ['example.com', 'subdomain.example.com'];
$redirectUrl = $_GET['redirect'] ?? '/default-page';
$parsedUrl = parse_url($redirectUrl);

// parse_url() returns false for malformed input; treat that as untrusted.
// Reject backslashes (browsers turn "/\evil.com" into "//evil.com"), any
// scheme other than http(s), and any host that is not on the allowlist.
if ($parsedUrl === false
    || strpos($redirectUrl, '\\') !== false
    || (isset($parsedUrl['scheme']) && !in_array(strtolower($parsedUrl['scheme']), ['http', 'https'], true))
    || (isset($parsedUrl['host']) && !in_array(strtolower($parsedUrl['host']), $allowedDomains, true))) {
    // Reject: send the user to a safe default instead of the supplied URL
    header('Location: /default-page');
    exit;
}
header('Location: ' . $redirectUrl);
exit;

3. Use relative URLs: Where possible, use relative paths instead of absolute URLs for internal redirects.

4. Implement warning pages: For legitimate external redirects, display an interstitial warning page informing users they are leaving your site.

5. Review application code: Audit all redirect functionality to ensure proper validation is in place.
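The following is an added example, not code from Bitrix or from this database entry. It combines steps 2, 3 and 4 above into a single chokepoint: every redirect parameter passes through `resolveRedirect()` before a `Location` header is built, same-site paths are kept as relative paths, allowlisted absolute URLs are rebuilt from their parsed parts, and allowlisted destinations on another host are routed through an interstitial page. The host names, the `/leaving` interstitial path and the `/` fallback are hypothetical values chosen for illustration.

```php
<?php
// Added example (not Bitrix code). Hypothetical hosts and paths throughout.

/**
 * Return a destination safe for a Location header: a same-site absolute
 * path, an allowlisted http(s) URL rebuilt from parsed parts, or $fallback.
 */
function resolveRedirect(string $candidate, array $allowedHosts, string $fallback = '/'): string
{
    $candidate = trim($candidate);

    // CR/LF would allow header injection; browsers normalise "\" to "/",
    // so "/\evil.example" becomes the protocol-relative "//evil.example".
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }

    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback; // malformed URL
    }
    $hasScheme = isset($parts['scheme']);
    $hasHost   = isset($parts['host']);

    // Step 3: a local path must start with exactly one "/" ("//host" is
    // protocol-relative and would leave the site).
    if (!$hasScheme && !$hasHost) {
        $path = $parts['path'] ?? '';
        if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//') {
            return $fallback;
        }
        return $candidate;
    }

    // Step 2: absolute or protocol-relative URL. Only http(s), exact
    // case-insensitive host match, and no userinfo (which is how
    // "https://trusted.example@evil.example" tries to look trusted).
    $scheme = strtolower($parts['scheme'] ?? 'https');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $fallback;
    }
    if (!$hasHost || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, array_map('strtolower', $allowedHosts), true)) {
        return $fallback;
    }

    // Rebuild from validated parts instead of echoing the raw input.
    $url = $scheme . '://' . $host;
    if (isset($parts['port'])) {
        $url .= ':' . (int) $parts['port'];
    }
    $url .= $parts['path'] ?? '/';
    if (isset($parts['query'])) {
        $url .= '?' . $parts['query'];
    }
    if (isset($parts['fragment'])) {
        $url .= '#' . $parts['fragment'];
    }
    return $url;
}

/**
 * Step 4: an allowlisted destination on a host other than our own goes
 * through an interstitial "you are leaving this site" page.
 */
function redirectLocation(string $candidate, array $allowedHosts, string $siteHost): string
{
    $target = resolveRedirect($candidate, $allowedHosts, '/');
    $host = parse_url($target, PHP_URL_HOST);
    if (is_string($host) && strtolower($host) !== strtolower($siteHost)) {
        return '/leaving?to=' . rawurlencode($target);
    }
    return $target;
}

// Constructed inputs; run with `php redirect.php` to see how each is handled.
if (PHP_SAPI === 'cli') {
    $allowed = ['trusted.example', 'shop.trusted.example'];
    $inputs = [
        '/account/orders?page=2',                          // same-site path: kept
        '//evil.example/phish',                            // protocol-relative: fallback
        '/\\evil.example',                                 // backslash trick: fallback
        'https://trusted.example@evil.example/',           // userinfo trick: fallback
        'https://trusted.example.evil.example/',           // suffix lookalike: fallback
        'javascript:alert(1)',                             // non-http scheme: fallback
        "https://trusted.example/ok\r\nSet-Cookie: x=1",   // header injection: fallback
        'https://SHOP.trusted.example/cart?id=7',          // allowlisted: via interstitial
    ];
    foreach ($inputs as $in) {
        printf("%-50s -> %s\n", addcslashes($in, "\0..\37"), redirectLocation($in, $allowed, 'trusted.example'));
    }
}
```

The `/leaving` page itself must call `resolveRedirect()` on its `to` parameter again before sending the final `Location` header; otherwise the interstitial becomes a second open redirect. Matching hosts exactly rather than by suffix is deliberate: a suffix check would accept `trusted.example.evil.example`.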