0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a0f68645f3b9115931895a1e9d919b2f472ba898
hunting/OWASP-Top-10/A01-Broken-Access-Control/open-redirect
T
History

README.md

Open Redirect Vulnerability

Description

Open redirect vulnerabilities occur when a web application accepts user-controllable input that specifies a link to an external site and uses that link in a redirect. This vulnerability can be exploited by attackers to redirect users to malicious websites while making the URL appear legitimate.

Common Vulnerabilities

  • Unvalidated redirect parameters (e.g., ?url=, ?redirect=, ?next=)
  • Return URL manipulation in authentication flows
  • Post-login redirects
  • Logout redirects
  • URL parameter injection
  • Header-based redirects (e.g., Location, Refresh headers)

Impact

  • Phishing attacks
  • Credential theft
  • Malware distribution
  • Bypassing security controls (e.g., URL whitelisting)
  • Social engineering attacks

Testing Approach

  1. Identify redirect parameters in URLs (e.g., url, redirect, next, return, continue)
  2. Test with external URLs (e.g., http://evil.com)
  3. Try various encoding techniques to bypass filters
  4. Test protocol handlers (e.g., javascript:, data:)
  5. Test absolute and relative paths
  6. Check POST-based redirects in addition to GET parameters

Prevention

  • Avoid using user-supplied input for redirects
  • Use a mapping of allowed redirect destinations
  • Validate redirect URLs against a whitelist
  • Use relative URLs where possible
  • Implement proper input validation and sanitization
Reference in New Issue View Git Blame Copy Permalink