URL Redirection

The application is vulnerable to URL redirection. It accepts untrusted input that controls where the application redirects the user. An attacker can manipulate the parameter to redirect a user to a malicious site.


With a URL redirection vulnerability, an attacker can create a link that will redirect users to a malicious site. This vulnerability is useful in a phishing attack because a user is more likely to click on a link from a trusted domain, especially when the redirection parameter is obfuscated. Attackers often combine such an attack with a malicious site that looks like the original application in order to trick users into submitting sensitive data such as passwords or credit card numbers.

Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


