User-supplied input is being passed to a redirect function.
Forcing the application to redirect to an attacker-controlled site.
EX: redirecting to Google, if it does then the application is vulnerable.
Considered a low-impact vulnerability.
Can be chained with other bugs such as SSRF, OATH bypass, and other things giving you greater impact.
Last updated 2 years ago
