URL injection definition
URL injection is a cyberattack in which a fake page is created and inserted into a genuine website. It allows cybercriminals to secretly redirect users to other websites where their credentials and other private data can be stolen. URL injection is carried out through plug-ins, unsecured directories, or bugs in the software.
How to avoid URL injections
- Inspect all pages as they go live, and look carefully for redirects.
- If you detect fake pages, remove them, then find out how they were injected into your website so you can patch the vulnerability.
- Perform penetration testing beforehand to prevent URL injections from happening in the first place.
- Set up web application firewalls.
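One way to automate the first two checks, added here as an example and not taken from any particular product: compare the pages a site serves against the list you deployed and flag any page that redirects to a host you do not own. The function name, the manifest format, the page paths and the host names are all assumptions, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script-driven redirects: location = "...", location.href = "...", location.replace("...")
JS_REDIRECT = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']|location\.(?:replace|assign)\(\s*["']([^"']+)["']""")

class MetaRefresh(HTMLParser):
    """Collects the target URLs of <meta http-equiv="refresh"> tags."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())

def audit_pages(pages, manifest, own_hosts):
    """Return sorted (path, finding) tuples for unknown pages and off-site redirects."""
    findings = []
    for path, html in pages.items():
        if path not in manifest:
            findings.append((path, "not in deployment manifest"))
        parser = MetaRefresh()
        parser.feed(html)
        js_targets = [a or b for a, b in JS_REDIRECT.findall(html)]
        for target in parser.targets + js_targets:
            host = urlparse(target).hostname  # None for same-site relative URLs
            if host and host not in own_hosts:
                findings.append((path, f"redirects off-site to {host}"))
    return sorted(findings)

# Constructed sample: path -> HTML as served. Hypothetical site www.example.com.
SAMPLE_PAGES = {
    "/index.html": "<html><body><a href='/about.html'>About</a></body></html>",
    "/about.html": "<meta http-equiv='refresh' content='5; url=/index.html'>",
    "/wp-content/uploads/offer.html":
        "<meta http-equiv='refresh' content='0; url=https://login.example.net/'>",
    "/promo.html": "<script>window.location.href = \"https://example.org/x\";</script>",
}
MANIFEST = {"/index.html", "/about.html", "/promo.html"}  # pages you deployed

if __name__ == "__main__":
    for path, finding in audit_pages(SAMPLE_PAGES, MANIFEST, {"www.example.com"}):
        print(f"{path}: {finding}")
```

A page that is missing from the manifest points at the injection itself, while an off-site redirect on a page you did deploy means that page's content was modified; both need the root-cause investigation described in the second step.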