Summary #

Invicti identified an unexpected redirect response body (too large).

This generally indicates that after redirect the page did not finish the response as it was supposed to.

Impact #
This can lead to serious issues such as authentication bypass in authentication required pages. In other pages it generally indicates a programming error.
Remediation #
  1. Finish the HTTP response after you redirect the user.
  2. In ASP.NET, use Response.Redirect("redirected-page.aspx", true) instead of Response.Redirect("redirected-page.aspx", false).
  3. In PHP applications, call exit() after you redirect the user.
Classifications #
CWE-698; ISO27001-A.14.2.5; WASC-40; OWASP PC-C6

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo