In internet security, an open redirect is a type of computer security vulnerability found in web applications.[1][2]
Attack
An application can be exploited if it uses user input to make a URL redirection decision and that input is not properly validated.[1]
An example of this attack on example.com would be https://example.com/login&redirect=https://badwebsite.com
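The flaw described above next to one way to validate the target, as an added example that is not part of the original article. The `redirect` parameter name comes from the example URL; the function names, the allow-list and the fallback path are assumptions.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"example.com"}  # assumption: hosts the application may send users to
DEFAULT_TARGET = "/"             # assumption: fallback used when a target is rejected


def unvalidated_target(params):
    """The flaw: the redirect parameter is used exactly as supplied."""
    return params.get("redirect", DEFAULT_TARGET)


def validated_target(params, allowed_hosts=ALLOWED_HOSTS):
    """Return the requested target only if it stays on an allowed host."""
    raw = params.get("redirect", "")
    # Browsers read "\" as "/" and drop some control characters, so a value
    # containing them may not mean what urlsplit() reports: reject it outright.
    if not raw or "\\" in raw or any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. a malformed IPv6 literal
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only a path rooted on this site. A leading
        # "//" is excluded because browsers resolve it to another host.
        ok = raw.startswith("/") and not raw.startswith("//")
        return raw if ok else DEFAULT_TARGET
    # Absolute URL: require http(s) and compare the parsed hostname (not a
    # substring of the string) against the allow-list.
    if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
        return raw
    return DEFAULT_TARGET


# Constructed sample values for the "redirect" parameter.
SAMPLES = [
    "https://badwebsite.com",       # the external target from the example URL
    "//badwebsite.com",             # scheme-relative form of the same host
    "https://example.com/account",  # absolute URL on an allowed host
    "/account?tab=security",        # path on the same site
]

if __name__ == "__main__":
    for value in SAMPLES:
        q = {"redirect": value}
        print(f"{value!r}: unvalidated -> {unvalidated_target(q)!r}, "
              f"validated -> {validated_target(q)!r}")
```

Rejected values fall back to the default path instead of raising an error, so a tampered link lands the user on the site's own page.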
References
- [1] Li, Vickie (2021). Bug bounty bootcamp: the guide to finding and reporting web vulnerabilities. San Francisco. ISBN 978-1-7185-0155-3. OCLC 1260169925.
- [2] Canlas, Roman (2021). ASP.NET Core 5 Secure Coding Cookbook. Ed Price, an O'Reilly Media Company Safari (1st ed.). Packt Publishing. ISBN 9781801079020. OCLC 1264230735.
External links
- Open redirection (reflected) by PortSwigger
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.