
		 		               _      _       _   _       
				 abaykan      | |    | |     | | | |      
				  ___ ___   __| | ___| | __ _| |_| |_ ___ 
				 / __/ _ \ / _` |/ _ \ |/ _` | __| __/ _ \
				| (_| (_) | (_| |  __/ | (_| | |_| ||  __/
				 \___\___/ \__,_|\___|_|\__,_|\__|\__\___|
		

Overview

Unvalidated redirects (Open Redirect) and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance. Unvalidated redirect and forward attacks can also be used to maliciously craft a URL that would pass the application's access control check and then forward the attacker to privileged functions that they would normally not be able to access.
Source: https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

Open Redirects Example

This page collects several Open Redirect payload tricks: values for a redirect parameter that make a vulnerable application send the visitor to evilsite.com (a placeholder for any attacker-controlled host) even though the application believes it only redirects within its own site.

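The tricks above only work because the application validates the redirect target with a different parser than the one the browser uses. The example below is added here and is not code from this page or from the Codelatte project: it puts a common "relative paths only" check next to a hardened one and runs both over a constructed set of payloads in the spirit of the list above, including the javascript: case behind the XSS impact mentioned further down. It assumes the application lives at https://trusted.example (a hypothetical host) and receives the target as an already URL-decoded query parameter, the way web frameworks normally hand it over.

```python
"""Open-redirect target validation: a common 'relative path only' check next to a
hardened one, run over the kind of payload tricks this page collects.

Added example, not code from this page or from the Codelatte project. Assumed:
the application serves https://trusted.example (hypothetical host) and receives
the redirect target already URL-decoded, as web frameworks normally hand it over.
"""
from urllib.parse import urlsplit

# Constructed payloads (not taken from the page). The comment names the host a
# browser actually navigates to when the value is echoed into a Location header,
# following the WHATWG URL parsing rules that all major browsers implement.
PAYLOADS = [
    "/account",                              # legitimate same-site path
    "//evilsite.com",                        # scheme-relative -> evilsite.com
    "///evilsite.com",                       # extra slashes are skipped -> evilsite.com
    "/\\evilsite.com",                       # '\' is treated as '/' -> evilsite.com
    "/\t/evilsite.com",                      # tab is stripped before parsing -> evilsite.com
    "https://trusted.example@evilsite.com",  # userinfo trick -> evilsite.com
    "https://trusted.example.evilsite.com",  # prefix-match trick -> attacker's subdomain
    "javascript:alert(document.domain)",     # XSS when the redirect is done client-side
]


def is_safe_naive(target):
    """Typical first attempt: 'a relative path' means starts with '/' but not '//'.
    It stops //evilsite.com and https://evilsite.com, but Python's string view and
    the browser's URL parser disagree on a backslash and on an embedded tab."""
    return target.startswith("/") and not target.startswith("//")


def is_safe_hardened(target):
    """Accept only a plain same-origin path: exactly one leading slash, no
    backslash or control character anywhere, and nothing that urlsplit can read
    as a scheme or an authority."""
    if not target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False  # browsers strip tab/newline before parsing: reject, never normalize
    if target[0] != "/" or target[1:2] == "/":
        return False  # '//' and '///' both become an authority in the browser
    if "\\" in target:
        return False  # backslash acts as a slash in http(s) URLs
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""  # belt and braces


def redirect_target(requested, fallback="/"):
    """What the handler should put in the Location header: the requested path if it
    passes the hardened check, otherwise a fixed fallback on this site."""
    return requested if is_safe_hardened(requested) else fallback


def verdicts(check):
    """Run one validator over every payload; True means it would redirect there."""
    return {payload: check(payload) for payload in PAYLOADS}


if __name__ == "__main__":
    for payload in PAYLOADS:
        print(f"{payload!r:42} naive={is_safe_naive(payload)!s:5} "
              f"hardened={is_safe_hardened(payload)}")
```

The naive check lets `/\evilsite.com` and `/<tab>/evilsite.com` through, and it is exactly these parser mismatches the page's tricks exploit; the hardened check refuses anything that is not a plain single-slash path and never tries to "clean" the value, because normalizing is how the mismatch creeps back in. If the application genuinely needs to send users to other sites, have the parameter carry a short token or index that is looked up in a server-side allow-list of full URLs instead of validating an attacker-supplied URL. Browsers refuse a `javascript:` URL in a Location header, but a client-side redirect such as `location = param` will execute it, which is the XSS case.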

Impact

The impacts can be many, and vary from the theft of information and credentials to redirection to malicious websites containing attacker-controlled content, which in some cases even causes XSS attacks. So even though an open redirection might sound harmless at first, its impact can be severe should it be exploitable.
Source: https://www.netsparker.com/blog/web-security/open-redirection-vulnerability-information-prevention/

Made with ♥ by Codelatte Team