Open redirect
From HandWiki
In internet security, an open redirect is a type of computer security vulnerability found in web applications.[1][2]
Attack
An application can be exploited if it uses user input to decide where to redirect the user and does not properly validate that input.[1]
An example of this attack on example.com would be https://example.com/login&redirect=https://badwebsite.com
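The validation that a vulnerable application omits can look like the following. This is an added example, not code from the cited sources; the function name, the allow-list and the fallback path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only host the application may redirect to.
ALLOWED_HOSTS = {"example.com"}
FALLBACK = "/"  # assumed safe landing page when the target is rejected


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target if it stays on an allowed host, otherwise fallback."""
    # Reject empty values and control characters (CR/LF, tab, DEL).
    if not target or any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return fallback
    # Browsers treat "\" like "/", so "/\host" would leave the site.
    if "\\" in target:
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:
        return fallback  # malformed URL, e.g. an unbalanced IPv6 bracket
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a local path with one leading slash.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback  # scheme-relative "//host" and non-web schemes
    # hostname drops userinfo and port, so "example.com@badwebsite.com"
    # is compared as "badwebsite.com"; exact match rejects look-alike suffixes.
    host = parts.hostname
    if host is None or host not in allowed_hosts:
        return fallback
    return target


if __name__ == "__main__":
    # Constructed sample values for the redirect parameter.
    for value in ("https://badwebsite.com", "//badwebsite.com",
                  "https://example.com@badwebsite.com/", "/account"):
        print(f"{value!r} -> {safe_redirect_target(value)!r}")
```
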
References
- [1] Li, Vickie (2021). Bug bounty bootcamp: the guide to finding and reporting web vulnerabilities. San Francisco. ISBN 978-1-7185-0155-3. OCLC 1260169925. https://www.worldcat.org/oclc/1260169925.
- [2] Canlas, Roman (2021). ASP.NET Core 5 Secure Coding Cookbook. Ed Price, an O'Reilly Media Company Safari (1st ed.). Packt Publishing. ISBN 9781801079020. OCLC 1264230735. https://www.worldcat.org/oclc/1264230735.
External links
- Open redirection (reflected) by PortSwigger
Original source: https://en.wikipedia.org/wiki/Open redirect.