Open Redirect
A vulnerability where a web application redirects users to an attacker-controlled URL, enabling phishing and credential theft.
An open redirect vulnerability occurs when a web application accepts user-controllable input that specifies a URL for redirection without proper validation. Attackers exploit this to redirect users from a trusted domain to a malicious site, making phishing attacks more convincing because the initial URL appears to be from the legitimate site.
Open redirects commonly appear in login flows (redirect after authentication), logout flows, link shorteners, and email tracking URLs. While often considered low severity on their own, open redirects become more impactful when used in OAuth flows (to steal authorization codes), combined with SSRF, or as part of a social engineering attack chain.
Mitigations include maintaining an allowlist of permitted redirect destinations, validating that a redirect target resolves to the application's own origin (a relative path or an allowlisted host, checked after decoding and normalisation), and avoiding redirect parameters altogether by mapping an opaque identifier to a destination server-side.
How APVISO tests for this: APVISO's scanner agent tests all redirect parameters for open redirect vulnerabilities, including bypass techniques like protocol-relative URLs, URL-encoded payloads, and domain confusion techniques. It identifies redirects in login/logout flows, OAuth callbacks, and link tracking endpoints.
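The allowlist and same-origin validation described above, exercised against the bypass variants named in the scanner description (protocol-relative URLs, URL-encoded payloads, domain confusion), as an added Python example that is not part of this page or of APVISO's product; the hostnames, the fallback path and the function name are assumed.

```python
from urllib.parse import urlparse, unquote, urljoin

# Constructed allowlist of hosts a redirect may target (assumed values).
ALLOWED_HOSTS = {"app.example.com", "accounts.example.com"}
DEFAULT_REDIRECT = "/"


def safe_redirect_target(raw: str, base: str = "https://app.example.com/") -> str:
    """Return a redirect target that is a same-site path or an absolute URL
    whose host is on the allowlist; anything else falls back to DEFAULT_REDIRECT."""
    if not raw:
        return DEFAULT_REDIRECT
    # Decode exactly once, as the browser will, so URL-encoded payloads such as
    # %2F%2Fevil.com are judged by what they actually navigate to.
    candidate = unquote(raw).strip()
    # Reject backslashes and control characters: some browsers normalise
    # "/\evil.com" to "//evil.com", and CR/LF/tab can split or hide the host.
    if any(c in candidate for c in "\\\r\n\t\x00"):
        return DEFAULT_REDIRECT
    # Resolve against our own origin so protocol-relative "//evil.com" becomes an
    # absolute URL whose host we can inspect, while "/dashboard" stays on-site.
    resolved = urlparse(urljoin(base, candidate))
    if resolved.scheme not in ("http", "https"):
        return DEFAULT_REDIRECT  # blocks javascript:, data:, etc.
    # .hostname strips "user:pass@" credentials, so the domain-confusion form
    # "https://app.example.com@evil.com" is judged by its real host, evil.com.
    host = (resolved.hostname or "").lower()
    # Exact match only: "app.example.com.evil.com" must not pass a suffix check.
    if host not in ALLOWED_HOSTS:
        return DEFAULT_REDIRECT
    return resolved.geturl()


if __name__ == "__main__":
    for sample in ["/dashboard", "//evil.com/", "%2F%2Fevil.com",
                   "https://app.example.com@evil.com/", "https://app.example.com.evil.com/"]:
        print(f"{sample!r:45} -> {safe_redirect_target(sample)}")
```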