Open Redirect
Source Code snippet
User-supplied input is being passed to a redirect function.
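The pattern described above next to a hardened form, as an added example that is not code from the original page. It is framework-free Python; the function names, the `next_url` parameter, the allowlisted host `app.example.com` and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only host this hypothetical application may redirect to.
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"


def vulnerable_redirect(next_url):
    """User-supplied input is passed straight into the Location header."""
    return 302, {"Location": next_url}


def is_safe_target(next_url):
    """Allow same-site absolute paths or http(s) URLs to allowlisted hosts."""
    if not next_url:
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # reject these characters outright instead of trying to normalise them.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return False
    try:
        parts = urlsplit(next_url)
    except ValueError:  # e.g. a malformed bracketed host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be a path on this site, never "//host".
        return next_url.startswith("/") and not next_url.startswith("//")
    # Absolute URL: the host is parsed after any "user@" part, so
    # "https://app.example.com@other.host/" is judged by "other.host".
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def safe_redirect(next_url):
    """Fall back to a fixed local page when the target fails validation."""
    target = next_url if is_safe_target(next_url) else DEFAULT_TARGET
    return 302, {"Location": target}


if __name__ == "__main__":
    # Constructed sample inputs for a regression test of the validator.
    samples = ["/dashboard?tab=1", "https://app.example.com/profile",
               "https://www.google.com/", "//www.google.com",
               "/\\www.google.com", "https://app.example.com@www.google.com/"]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {vulnerable_redirect(s)[1]['Location']!r}"
              f"  safe -> {safe_redirect(s)[1]['Location']!r}")
```
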

Goal
Forcing the application to redirect to an attacker-controlled site.
Example: if the application can be made to redirect to Google, it is vulnerable.

Impact
Considered a low-impact vulnerability.
Can be chained with other bugs, such as SSRF and OAuth bypass, among others, for greater impact.