🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Open Redirect

An Open Redirect occurs when an application accepts a user-supplied URL parameter and redirects to it without proper validation. Attackers can exploit this by crafting malicious links that appear to originate from a trusted domain but silently forward the victim to an attacker-controlled site. This is often leveraged for phishing, credential theft, or chaining into more severe exploits such as token leakage or XSS.

Remediation

  • Enforce an allowlist of trusted redirect destinations; reject or normalise all other values.
  • Use relative paths for internal navigation instead of absolute URLs provided by user input.
  • Where dynamic redirects are unavoidable, validate that the supplied URL shares the same origin/domain as the application.
  • Encode redirect parameters and avoid reflecting user-controlled values directly in Location headers without checks.

Metadata

  • Severity: low
  • Slug: open-redirect

CWEs

  • 20: Improper Input Validation
  • 601: URL Redirection to Untrusted Site ('Open Redirect')
  • 74: Improper Neutralization of Special Elements in Output Used by a Downstream Component

OWASP

  • A01:2021: Broken Access Control
  • API7:2023: Server-Side Request Forgery (SSRF)

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.