Vol. 1 · Ed. 2026
CyberGlossary
Entry № 855

Open Redirect

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Open Redirect?

Open Redirect: A vulnerability where an application forwards users to a URL supplied in a request parameter without validating it, enabling phishing and credential-harvesting campaigns.


Open redirect occurs when a server-side or client-side redirect target is controlled by user input (e.g. ?next=, ?returnUrl=, ?redirect=) and the application fails to restrict the destination to trusted hosts. Attackers craft links that point to the trusted domain but redirect to an attacker-controlled site that mimics login or payment pages. Because the initial URL belongs to a reputable domain, victims and email filters tend to trust it, raising phishing success rates. Open redirects are also commonly chained into OAuth flows to steal authorization codes. Defences include allow-listing target hosts/paths, using server-side mappings instead of raw URLs, displaying interstitial warnings, and signing redirect parameters.

Examples

1. A link such as `https://bank.example/login?next=https://attacker.tld/login` that lands the user on a credential-harvesting clone.

2. An OAuth `redirect_uri` parameter abused to leak authorization codes to a malicious endpoint.

Frequently asked questions

What is Open Redirect?

A vulnerability where an application forwards users to a URL supplied in a request parameter without validating it, enabling phishing and credential-harvesting campaigns. It belongs to the Attacks & Threats category of cybersecurity.

What does Open Redirect mean?

A vulnerability where an application forwards users to a URL supplied in a request parameter without validating it, enabling phishing and credential-harvesting campaigns.

How do you defend against Open Redirect?

Defences for Open Redirect typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Open Redirect?

Common alternative names include: Unvalidated Redirect.
