# Open redirect

## What is it?

An Open Redirect Vulnerability allows an attacker to redirect a user to an arbitrary website of the attacker's choosing. It occurs when an application incorporates user-supplied data into a URL which causes a redirection to that URL. This can be used to facilitate phishing attacks, steal sensitive information, or perform other malicious activities.

**A simple example**

Consider a website that uses a URL parameter to redirect the user to a specified page. For example: <http://website.com/redirect?site=http://some-site.com>. An attacker could replace "<http://some-site.com>" with a malicious site, then trick a user into following the crafted link.

Open Redirects can lead to:

* Phishing attacks
* Disclosure of sensitive information
* Malware installation
* Execution of arbitrary scripts

Other learning resources:

* OWASP: <https://owasp.org/www-community/attacks/Unvalidated_Redirects_and_Forwards>
* PortSwigger: <https://portswigger.net/web-security/unvalidated-redirects>

## Checklist

* [ ] Does the application use redirection functions that include user-supplied input?
* [ ] Are redirects implemented without validation of the target URL?
* [ ] Can an attacker manipulate the redirection URL to point to an arbitrary domain?
* [ ] Does the application append user-supplied input into the URL causing the redirection?
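To make the checklist concrete, here is an added example (not from the original page) that contrasts the `?site=` pattern from the simple example above with a validating version. The allow-list, the `website.com` origin and the function names are assumptions for illustration; the safe version resolves the parameter against the application's own origin, emits that canonical URL rather than the raw input, and rejects scheme-relative, backslash and non-HTTP forms that bypass naive string checks.

```python
from urllib.parse import urlparse, urljoin

# Constructed values for the example: the application's own origin and the
# hosts it is willing to redirect to. Real deployments load these from config.
APP_ORIGIN = "http://website.com"
ALLOWED_HOSTS = {"website.com", "some-site.com"}


def vulnerable_redirect_target(site: str) -> str:
    """The pattern from the page: whatever ?site= holds becomes the Location header."""
    return site


def safe_redirect_target(site: str, fallback: str = "/") -> str:
    """Return an absolute URL that is safe to place in a Location header.

    Anything that does not resolve to an http(s) URL on an allow-listed host
    collapses to `fallback` (a local path), so the redirect can never leave
    the set of hosts the application trusts.
    """
    if not site:
        return fallback
    # Browsers treat '\' as '/' in http(s) URLs, so '/\evil.com' means
    # '//evil.com'. Normalise before parsing so Python sees what a browser sees.
    candidate = site.replace("\\", "/")
    # Browsers also collapse '///evil.com' to '//evil.com'; Python's urljoin
    # does not, so fold any run of leading slashes into a scheme-relative URL.
    if candidate.startswith("//"):
        candidate = "//" + candidate.lstrip("/")
    # Resolve relative inputs (e.g. '/account') against our own origin.
    resolved = urljoin(APP_ORIGIN + "/", candidate)
    parsed = urlparse(resolved)
    # Rejects javascript:, data:, and other non-navigational schemes.
    if parsed.scheme not in ("http", "https"):
        return fallback
    # .hostname strips userinfo and port, so 'website.com@evil.com' is seen
    # as evil.com and 'website.com.evil.com' is a different host entirely.
    host = (parsed.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return fallback
    # Emit the canonical absolute URL, never the raw user input.
    return resolved
```

The vulnerable function returns `http://malicious-site.com` untouched; the safe one returns `/` for that input and for the scheme-relative and backslash variants, while still allowing `/account` and `http://some-site.com/page`.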

## Exploitation

Craft a URL that redirects to a malicious site

```
http://website.com/redirect?site=http://malicious-site.com
```

Trick the user into clicking the link

```
"You've won a prize! Click here to claim: http://website.com/redirect?site=http://malicious-site.com"
```
