CWE-698 Execution After Redirect (EAR)

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: unknown


The web application sends a redirect to another location, but instead of exiting, it executes additional code.


  • Nature: ChildOf, CWE ID: 705, View ID: 1000, Ordinal: Primary

  • Nature: ChildOf, CWE ID: 670, View ID: 1000


Scope: Other, Confidentiality, Integrity, Availability
Impact: Alter Execution Logic; Execute Unauthorized Code or Commands
Notes: This weakness could affect the control flow of the application and allow execution of untrusted code.


Black Box

This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss.


This code queries a server and displays its status when a request comes from an authorized IP address.

Bad code (PHP):

$requestingIP = $_SERVER['REMOTE_ADDR'];
if (!in_array($requestingIP, $ipAllowList)) {
    echo "You are not authorized to view this page";
    http_redirect($errorPageURL);
}
$status = getServerStatus();
echo $status;

This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).
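The following Python model is an added example, not code from the CWE entry. It reproduces the control-flow defect of the PHP above (the redirect is set, but the handler keeps running and appends the protected output to the same response) next to a handler that terminates on redirect, and it implements the black-box check the Detection Methods note calls for: request as a client that does not obey Location headers and inspect the body of the 3xx itself. The handlers return (status, headers, body) tuples instead of speaking HTTP, and ALLOW_LIST, ERROR_PAGE, the client addresses and the status text are constructed values. In real PHP the fix is the same as in fixed_handler: call exit() immediately after header()/http_redirect().

```python
"""Model of CWE-698 (Execution After Redirect) plus a black-box check.

Constructed example: handlers are plain functions returning
(status, headers, body) so that the whole thing runs offline.
"""

ALLOW_LIST = {"10.0.0.5"}   # constructed: client addresses allowed to see the status
ERROR_PAGE = "/error"       # constructed: redirect target for everyone else


def get_server_status():
    """Stand-in for the page's getServerStatus(); constructed content."""
    return "backend: up, load: 0.42, queried host: status.internal"


def vulnerable_handler(remote_addr):
    """Mirrors the PHP example: the redirect is issued but execution continues."""
    status, headers, body = 200, {}, []
    if remote_addr not in ALLOW_LIST:
        body.append("You are not authorized to view this page")
        status = 302
        headers["Location"] = ERROR_PAGE
        # Weakness: no return here, so the lines below still run and their
        # output lands in the response that the unauthorized client receives.
    body.append(get_server_status())
    return status, headers, "\n".join(body)


def fixed_handler(remote_addr):
    """Same logic, but the redirect terminates request processing."""
    if remote_addr not in ALLOW_LIST:
        return 302, {"Location": ERROR_PAGE}, "You are not authorized to view this page"
    return 200, {}, get_server_status()


def looks_like_ear(response, sensitive_markers):
    """Black-box check for EAR.

    A browser would follow the Location header and never show the body, which
    is why the weakness hides during manual testing. A test client instead
    keeps the 3xx response and flags it if the body carries content that only
    an authorized request should ever produce.
    """
    status, headers, body = response
    if not (300 <= status < 400 and "Location" in headers):
        return False   # not a redirect, so EAR does not apply
    return any(marker in body for marker in sensitive_markers)


if __name__ == "__main__":
    markers = ["backend:"]   # constructed: text that must never leave the server unauthenticated
    for name, handler in (("vulnerable", vulnerable_handler), ("fixed", fixed_handler)):
        print(name, "EAR detected:", looks_like_ear(handler("203.0.113.9"), markers))
```

Against a live application the same check is a request made without following redirects (for example curl without -L, or requests with allow_redirects=False) followed by a look at the body and its length: a redirect whose body is larger than a short "moved" notice, or contains application output, is the symptom the entry describes.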


Observed Examples (Identifier: Description)

CVE-2013-1402: Execution-after-redirect allows access to application configuration details.
CVE-2009-1936: Chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
CVE-2007-2713: Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-4932: Remote attackers can obtain access to administrator functionality through EAR.
CVE-2007-5578: Bypass of authentication step through EAR.
CVE-2007-2713: Chain: Execution after redirect triggers eval injection.
CVE-2007-6652: Chain: execution after redirect allows non-administrator to perform static code injection.