An Open Redirect occurs when a vulnerable web page redirects the user to an untrusted, attacker-chosen destination that may compromise the user.
Open redirects are usually exploited as part of a phishing attack: the manipulated link still points at the legitimate domain, so it looks identical to a genuine link and the phishing attempt is more likely to succeed.
This vulnerability often exists in web applications where the redirection target is taken from a "GET" parameter in the URL.
https://www.monsite.com?redirectURL=https://www.httpcs.com
In this example, monsite.com is expected to redirect the user to httpcs.com. What happens if a malicious person changes the redirection URL?
https://www.monsite.com?redirectURL=https://www.siteMalicieux.com
Now the site redirects the user to a malicious site.
Vulnerable PHP code:
<?php
// Vulnerable: the redirect target is taken straight from the query string, with no validation
$redirect_url = $_GET['url'];
header("Location: " . $redirect_url);
Here there is no control over the user's input, so anyone can change the redirection target to a malicious website through this Open Redirect vulnerability.
User input must be controlled as strictly as possible, applying the principle of "Never trust a user".
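A hardened version of the snippet above, added here as an example and not taken from the page: it assumes the application is hosted on www.monsite.com and that only the hosts listed in ALLOWED_HOSTS may be used as absolute redirect targets (both names are assumptions for the example).

```php
<?php
// Added example (not the page's code). Only relative paths on this site, or
// absolute HTTPS URLs whose host is explicitly allowlisted, are accepted.
// ALLOWED_HOSTS is an assumed allowlist for this example.
const ALLOWED_HOSTS = ['www.monsite.com', 'www.httpcs.com'];

/**
 * Return a safe redirect target, or $fallback when $candidate is rejected.
 */
function safe_redirect_target(string $candidate, string $fallback = '/'): string
{
    // Reject control characters (including CR/LF used for header injection).
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }

    // Case 1: a relative path on this site. It must start with exactly one "/":
    // "//evil.example" is a protocol-relative URL and "/\evil.example" is
    // treated as a host by some browsers, so both are rejected here.
    if (preg_match('#^/(?![/\\\\])#', $candidate)) {
        return $candidate;
    }

    // Case 2: an absolute URL; compare the parsed host, not a string prefix,
    // so "https://www.monsite.com@evil.example" and
    // "https://www.monsite.com.evil.example" are rejected.
    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return $fallback;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return $fallback;
    }
    return $candidate;
}

$redirect_url = safe_redirect_target($_GET['url'] ?? '');
header('Location: ' . $redirect_url, true, 302);
exit;
```

With this check, the request from the page's example, ?url=https://www.siteMalicieux.com, falls back to "/" instead of leaving the site, while ?url=https://www.httpcs.com is still honoured.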
Detect security flaws on your website or web application with the HTTPCS Web Vulnerability Scanner. This online security tool detects the flaws you have (OWASP Top 10, CVEs and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out which patches to apply to avoid being hacked.