An Open Redirect Vulnerability allows an attacker to redirect a user to an arbitrary website of the attacker's choosing. It occurs when an application incorporates user-supplied data into the URL that it redirects the user to, without validating that target. This can be used to facilitate phishing attacks, steal sensitive information, or perform other malicious activities.
A simple example
Consider a website that uses a URL parameter to redirect the user to a specified page, for example: http://website.com/redirect?site=http://some-site.com. Because the value of the "site" parameter is used as the redirect target without validation, an attacker could replace "http://some-site.com" with a malicious site, then trick a user into following the crafted link; the link appears to point at the trusted website.com domain, which is what makes it convincing.
Open Redirects can lead to:
- Phishing attacks
- Disclosure of sensitive information
- Malware installation
- Execution of arbitrary scripts

Other learning resources:
- OWASP: https://owasp.org/www-community/attacks/Unvalidated_Redirects_and_Forwards
- PortSwigger: https://portswigger.net/web-security/unvalidated-redirects
Does the application use redirection functions that include user-supplied input?
Are redirects implemented without validation of the target URL?
Can an attacker manipulate the redirection URL to point to an arbitrary domain?
Does the application append user-supplied input into the URL causing the redirection?
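The checklist items above come down to one control: validating the redirect target before issuing the redirect. The following is an added example (not code from the original page) that contrasts the unvalidated pattern from the "site" parameter example with a validator that only allows same-site targets; the application host "website.com" and the function names are assumptions for illustration.

```python
from urllib.parse import urlparse

# Assumed host of the application (placeholder for this example).
APP_HOST = "website.com"


def vulnerable_redirect_target(site: str) -> str:
    # The pattern from the example above: the user-supplied "site"
    # parameter becomes the redirect target with no validation at all.
    return site


def safe_redirect_target(site: str, default: str = "/") -> str:
    """Return a redirect target that stays on APP_HOST, else the default.

    Accepts only path-relative targets beginning with a single "/" and
    absolute http(s) URLs whose host is exactly APP_HOST. Anything else
    (other domains, scheme-relative "//host" URLs, other schemes) falls
    back to the default landing page.
    """
    if not site:
        return default
    # Browsers treat a backslash like a forward slash in the authority
    # part, so normalise first to catch "/\evil.example"-style inputs.
    candidate = site.replace("\\", "/")
    # A relative path is safe only if it is not scheme-relative ("//host").
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.hostname == APP_HOST:
        # Re-emit as a path-only URL so userinfo ("host@evil") and port
        # components in the original input are discarded.
        path = parsed.path or "/"
        if parsed.query:
            path += "?" + parsed.query
        return path
    return default


if __name__ == "__main__":
    for raw in ["/account", "//evil.example/", "http://website.com@evil.example/",
                "http://website.com/account?tab=1", "javascript:alert(1)"]:
        print(f"{raw!r:45} -> {safe_redirect_target(raw)!r}")
```

Note that the validator compares the parsed hostname exactly, so a lookalike such as "website.com.evil.example" or a userinfo prefix "website.com@evil.example" is rejected rather than matched by a prefix check.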