

Open Redirect

An Open Redirect occurs when an application accepts a user-supplied URL parameter and redirects to it without proper validation. Attackers can exploit this by crafting malicious links that appear to originate from a trusted domain but silently forward the victim to an attacker-controlled site. This is often leveraged for phishing, credential theft, or chaining into more severe exploits such as token leakage or XSS.

Remediation

  • Enforce an allowlist of trusted redirect destinations; reject or normalise all other values.
  • Use relative paths for internal navigation instead of absolute URLs provided by user input.
  • Where dynamic redirects are unavoidable, validate that the supplied URL shares the same origin/domain as the application.
  • Encode redirect parameters and avoid reflecting user-controlled values directly in `Location` headers without checks.
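One way to implement the allowlist and same-origin checks from the list above, written here as an added example in JavaScript (the language of the labs) rather than taken from SecDim's own code; the application origin and the sample inputs are assumed and constructed for illustration:

```javascript
// Assumed application origin; in a real deployment take this from configuration, not from the request.
const APP_ORIGIN = "https://app.example";

// Resolve the user-supplied value the way a browser would and only accept it
// when it lands on the application's own origin. Returns the absolute URL to
// put in the Location header, or null when the value must be rejected.
function safeRedirectTarget(userValue, appOrigin = APP_ORIGIN) {
  if (typeof userValue !== "string" || userValue.length === 0) return null;
  let url;
  try {
    // Resolving against the app origin keeps relative paths such as "/account"
    // internal, while scheme-relative values ("//other.host") resolve to a
    // foreign host and are caught by the origin comparison below.
    url = new URL(userValue, appOrigin);
  } catch {
    return null; // unparseable input
  }
  // Only http(s) destinations; this also rejects javascript: and data: URLs,
  // whose origin is the opaque string "null".
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // Exact origin match: a substring test on the hostname would wrongly accept
  // "app.example.other.host" or "app.example@other.host".
  if (url.origin !== new URL(appOrigin).origin) return null;
  return url.href;
}

// Constructed inputs: two legitimate internal targets followed by values that
// a naive "starts with /" or "contains app.example" check would accept.
const SAMPLES = [
  "/account/settings",
  "https://app.example/dashboard?tab=1",
  "//other.host",
  "https://app.example.other.host/",
  "https://app.example@other.host/",
  "javascript:alert(document.domain)",
];

// Map each sample to the validator's decision so the behaviour can be inspected.
function checkSamples(samples = SAMPLES) {
  return Object.fromEntries(samples.map((s) => [s, safeRedirectTarget(s)]));
}

console.log(checkSamples());
```

Only the first two inputs yield a non-null target; the server should fall back to a fixed internal page whenever the function returns null.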

Metadata

  • Severity: low
  • Slug: open-redirect

CWEs

  • 20: Improper Input Validation
  • 601: URL Redirection to Untrusted Site ('Open Redirect')
  • 74: Improper Neutralization of Special Elements in Output Used by a Downstream Component

OWASP

  • A01:2021: Broken Access Control
  • API7:2023: Server-Side Request Forgery (SSRF)

Available Labs

Open JavaScript labs in SecDim Play for this vulnerability.


Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
