<div>
So, could redirectToAfterLoggingIn still have a value like:<br />
<br />
/?returnurl=<a href="http://reallybadsite.com" rel="ugc">http://reallybadsite.com</a><br />
<br />
I am trying to assess the danger of calling the Redirect function, as written.<br />
<br />
Should I create a different version of my whitelist check which could attempt to extract a URL to verify, from that partial domain?
</div>


So, could redirectToAfterLoggingIn still have a value like:

/?returnurl=http://reallybadsite.com [http://reallybadsite.com]

I am trying to assess the danger of calling the Redirect function, as written.

Should I create a different version of my whitelist check which could attempt to extract a URL to verify, from that partial domain?

<div>
<div class="content wysiwyg-content">
Does this C# block return URL hacking?<br />
<br />

<pre><code id="code-10-29087022-1">            if (Url.IsLocalUrl(redirectToAfterLoggingIn) &amp;&amp; redirectToAfterLoggingIn.Length &gt; 1 &amp;&amp;
                (redirectToAfterLoggingIn.StartsWith(&quot;/&quot;) &amp;&amp; !redirectToAfterLoggingIn.StartsWith(&quot;//&quot;)) &amp;&amp;
                !redirectToAfterLoggingIn.StartsWith(&quot;/\\&quot;))
                return Redirect(redirectToAfterLoggingIn);</code></pre>
<br />
I find it confusing, at best.<br />
<br />
How can it be a local URL if it starts with a &quot;/&quot;?<br />
<br />
Thanks
</div>
</div>


Does this C# block return URL hacking?

(CODE)

I find it confusing, at best.

How can it be a local URL if it starts with a "/"?

Thanks

Does this C# block return URL hacking?

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

Most development for the Microsoft platform is done utilizing the technologies supported by the.NET framework. Other development is done using Visual Basic for Applications (VBA) for programs like Access, Excel, Word and Outlook, with PowerShell for scripting, or with SQL for large databases.

Microsoft Development

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).