The application is vulnerable to URL redirection. It accepts untrusted input that controls where the user is redirected. An attacker can manipulate that parameter to redirect a user to a malicious site.
With a URL redirection vulnerability, an attacker can create a link that redirects users to a malicious site. This vulnerability is useful in a phishing attack because a user is more likely to click on a link from a trusted domain, especially when the redirection parameter is obfuscated. Attackers often combine such an attack with a malicious site that looks like the original application in order to trick users into submitting sensitive data such as passwords or credit cards.
How To Test
Sample Report Screenshots
Time Saving Tips