About Open Redirect Vulnerabilities
Open redirect vulnerabilities occur when a web application takes a redirect target from an untrusted source (most often a query or form parameter such as next, url or returnTo) and sends the user there without validating it against an allowlist of permitted paths or hosts. Because the link the victim clicks starts on a domain they trust, these flaws are exploited for phishing, malware distribution, and bypassing security controls that rely on the redirect target being same-site (for example an OAuth or SSO redirect_uri check).
Common Attack Vectors
URL Parameters: The redirect target is taken directly from a query or form parameter and used in a Location header or framework redirect call
HTTP Headers: The redirect target is built from client-controlled headers such as Referer, Host/X-Forwarded-Host, X-Forwarded-For or custom headers, which any client can set
JavaScript: Client-side code assigns location.href or window.location from a parameter or the URL fragment without validation (which also allows javascript: targets, not just foreign hosts)
Meta Refresh: An HTML meta refresh tag (http-equiv="refresh", content="0;url=...") whose URL comes from unvalidated input
Filter Bypasses: Payloads that defeat naive checks, such as scheme-relative //host, backslash variants like /\host, userinfo tricks like https://trusted@evil, lookalike subdomains such as trusted.example.evil, and encoded or whitespace-padded forms that the browser normalises but the filter does not
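As an added example (not code from the original page or from any particular project), the following Python shows the URL-parameter and filter-bypass cases side by side: a naive "starts with a slash or mentions our host" check, a hardened validator built on urllib.parse, and a list of constructed bypass payloads that the naive check accepts and the hardened one rejects. The hostnames trusted.example and evil.example and the function names are placeholders chosen for this example.

```python
from urllib.parse import urlsplit

# Hostnames this application may redirect to (hypothetical allowlist).
ALLOWED_HOSTS = frozenset({"trusted.example"})

# Constructed test payloads, each shaped so that the naive check below accepts it.
# These are the standard filter-bypass forms, not payloads taken from the page.
BYPASS_PAYLOADS = [
    "//evil.example",                                      # scheme-relative: browser resolves to https://evil.example/
    "/\\evil.example",                                     # backslash: browsers treat "/\" like "//" in http(s) URLs
    "https://trusted.example@evil.example",                # allowed host is only the userinfo part
    "https://trusted.example.evil.example",                # allowed host is only a label of the attacker's host
    "https://evil.example#https://trusted.example",        # allowed host appears only in the fragment
    "https:evil.example?trusted.example",                  # missing "//": browsers still treat it as absolute
    "javascript:alert(document.domain)//trusted.example",  # dangerous scheme when assigned to location.href
]


def naive_is_safe(url: str) -> bool:
    """Vulnerable check: 'starts with a slash, so it is local' plus a substring match."""
    return url.startswith("/") or "trusted.example" in url


def hardened_is_safe(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Allow only same-site paths or absolute https URLs whose host is allowlisted."""
    # Reject whitespace, control characters and backslashes before parsing: browsers
    # strip or normalise them, so a parser that does not would disagree with the browser.
    if not url or "\\" in url or any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # Path-relative target: exactly one leading slash. "//host" has a netloc and is
        # handled below; "/\host" was already rejected above.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme != "https" or not parts.netloc:
        # Any other scheme (http downgrade, javascript:, data:) or a malformed authority.
        return False
    if parts.username is not None or parts.password is not None:
        # "https://trusted.example@evil.example": the real host is the part after "@".
        return False
    return parts.hostname in allowed_hosts


def safe_redirect_target(url: str, fallback: str = "/") -> str:
    """Return the requested target if it passes the hardened check, else the fallback."""
    return url if hardened_is_safe(url) else fallback


def accepted_by(check) -> list:
    """Which constructed payloads a given validator lets through."""
    return [p for p in BYPASS_PAYLOADS if check(p)]


if __name__ == "__main__":
    print("naive accepts   :", accepted_by(naive_is_safe))
    print("hardened accepts:", accepted_by(hardened_is_safe))
    print(safe_redirect_target("//evil.example"), safe_redirect_target("/account?tab=1"))
```

Run the validator on the value exactly as the application will emit it in the Location header (after any URL decoding the framework performs, and only once), and keep the allowlist to exact hostnames rather than substrings or prefixes. Where the application only ever needs to return to its own routes, storing a route name or an opaque token instead of a raw URL removes the problem entirely.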
Impact
Phishing attacks: the link the victim sees starts on a trusted domain, so users and some link scanners accept it before the redirect sends them to an attacker-controlled page
Malware distribution through redirect chains that hide the final download host behind trusted intermediaries
Bypassing security controls and filters that check only the first hop, such as URL allowlists, OAuth/SSO redirect_uri validation, or SSRF host checks in services that follow redirects
Social engineering attacks that borrow the reputation of the vulnerable site
SEO manipulation, where the trusted domain's ranking is used to push traffic to attacker content