Open Redirect

A web vulnerability where unvalidated redirect parameters send users to attacker-controlled destinations.

What it is

An open redirect occurs when a web application accepts user-controlled input to construct a redirect URL without proper validation. Attackers exploit this behavior by crafting URLs that appear legitimate but send users to phishing pages or malware-hosting domains.

For instance, an attacker could send a link like https://trusted-site.com/login?redirect=http://evil.com. Unsuspecting users see the trusted domain and assume safety, but upon login, they are redirected to a malicious site.

Open redirects are particularly dangerous in single sign-on and OAuth implementations, where tokens can be intercepted during redirection.

Why it matters

Even though open redirects may seem low impact, they serve as effective social engineering tools. Attackers use them to bypass email filters, enhance phishing credibility, or chain them with other exploits such as cross-site scripting and cross-site request forgery. Search engines may also penalize domains that facilitate open redirects, harming SEO and trust.

How to reduce risk

  • Implement strict allowlists for redirect destinations.
  • Use relative paths instead of absolute URLs.
  • Sanitize and validate user inputs for URL parameters.
  • Educate users to verify final URLs before entering credentials.
  • Employ automated scanners to detect open redirect vulnerabilities.
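The first three items above (allowlist, relative paths, validation of the URL parameter) combine into one server-side check. The following is an added example, not code from the glossary; the allowlisted hostnames and the default landing path are assumptions for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real application loads it from configuration.
ALLOWED_HOSTS = {"trusted-site.com", "app.trusted-site.com"}
DEFAULT_TARGET = "/"  # assumed safe fallback when the candidate is rejected


def safe_redirect_target(candidate: str, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET) -> str:
    """Return a redirect target that stays on the trusted site, or `default` otherwise.

    Accepted: (a) a same-origin relative path, or (b) an absolute https URL whose
    hostname is on the allowlist. Everything else (other schemes, protocol-relative
    "//host" forms, userinfo tricks, lookalike hosts) falls back to `default`.
    """
    if not candidate:
        return default
    # Some browsers treat "\" like "/", so normalise it before parsing; also drop
    # surrounding whitespace so " //evil.com" is not mistaken for a relative path.
    cleaned = candidate.replace("\\", "/").strip()
    parts = urlsplit(cleaned)

    # Case (a): no scheme and no network location means a path on our own origin,
    # but "//evil.com" parses with netloc set, so it never reaches this branch.
    if not parts.scheme and not parts.netloc:
        return cleaned if cleaned.startswith("/") else default

    # Case (b): absolute URL. Require https and an exact hostname match.
    # urlsplit() discards userinfo, so "https://trusted-site.com@evil.com"
    # yields hostname "evil.com" and is rejected here.
    if parts.scheme != "https":  # urlsplit() already lowercases the scheme
        return default
    host = parts.hostname or ""  # hostname is lowercased and has no port
    return cleaned if host in allowed_hosts else default


if __name__ == "__main__":
    # Constructed sample inputs: a benign path, then several bypass shapes.
    for sample in ["/account", "//evil.com", "https://trusted-site.com@evil.com/",
                   "https://trusted-site.com.evil.com/", "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)!r}")
```

Log any candidate that falls back to the default: a burst of rejected redirect parameters on the login endpoint is a cheap detection signal for someone probing for this class of bug.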