Vulnerability
Description
Open redirection vulnerabilities occur when an application unsafely incorporates user-controllable data into a redirection target. Attackers can exploit this to redirect users to arbitrary external domains, facilitating phishing attacks. The use of a legitimate application URL and valid SSL certificate adds credibility to the phishing attempt, as many users may not notice the redirection to a different domain.
Recommendation
Validate and restrict user inputs for redirection targets, allowing only a predefined list of trusted URLs. Avoid using user-supplied data directly in redirection functions, and implement security mechanisms to detect and prevent open redirection attempts.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
