What-are-open-redirects

when the destination of a redirect is provided by the client and if the server does not filter/validate the untrusted user provided destination then the application has open redirect vulnerability. Developer who use dynamic redirects based in user input must treat the user input as untrusted, otherwise the attacker can send the user to malicious site.

Http get requests where query string is used to pass input parameters to webapi can be used to create this attack. For example

<html> 
<a href="https://example.com/somepage?redirecturl=http://attacker.com ">  <img src="http://attacker-site/click_for_discount.jpg"> </a>
</html>

Clicking on the above link (the user will simply see an image) on any page will lead to a http get request to somepage api with input parameter redirecturl whose value is set to a malicious website by the attacker. (The attacker could send a url through email as well) clicking on the url will trigger a get request which could lead to open redirect attack.

Open redirect are most commonly used for phishing attack where the victim is taken a malisious website that looks the same as original website and hence can be used for stealing credentials.

How to avoid open redirect

do not use open redirect.
if open redirect must be used , use redirect id. eg https://example.com/somepage?redirect_id=12. (in the backend redirect id is mapped to redirect url)

	Nishant Anand I am technical architect with around 18 years of experience in telecom , banking and health care domain. I was part of the founding team of Drishti and currently CTO at affordplan
	Consult Send Query