Open Redirect Lab 1

Basic URL Parameter Redirect

Difficulty: Low

Lab Overview

This lab demonstrates a basic open redirect vulnerability where user input is directly used in a redirect without any validation or sanitization.

Objective: Test various redirect URLs to understand how open redirect vulnerabilities work.

Backend Source Code

$redirect_url = $_GET['url'] ?? '';

if (!empty($redirect_url)) {
    // Vulnerable: No validation of the redirect URL
    header("Location: " . $redirect_url);
    exit();
}

Test Input Form

Vulnerability Details

Type: Open Redirect
Severity: Medium
Parameter: url
Method: GET
Issue: Direct use of user input in Location header

Test Payloads

Try these URLs to test the vulnerability:

?url=https://evil.com
?url=//evil.com
?url=javascript:alert('XSS')
?url=data:text/html,
?url=ftp://evil.com

Attack Scenarios

Phishing attacks by redirecting to malicious sites
Bypassing security controls and filters
Stealing user credentials through fake login pages
Distributing malware through trusted domains

Mitigation Strategies

Validate redirect URLs against a whitelist of allowed domains
Use relative URLs when possible
Implement proper URL validation and sanitization
Consider using a redirect token system instead of direct URLs