URL Redirection


The application is vulnerable to URL redirection: it accepts untrusted input that controls the destination of a redirect. An attacker can manipulate the parameter to redirect a user to a malicious site.
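The pattern described above, shown beside a hardened check, as an added example that is not code from the original page. The parameter name `next`, the host `app.example.com`, the fallback `/` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example.com"}  # assumption: the application's own host
DEFAULT_TARGET = "/"                 # assumption: safe fallback page


def unsafe_redirect_target(params):
    """Vulnerable pattern: the parameter becomes the Location value unchanged."""
    return params.get("next", DEFAULT_TARGET)


def safe_redirect_target(params):
    """Return the requested target only if it stays on this application."""
    target = params.get("next", "")
    # Backslashes and control characters are treated inconsistently by
    # browsers and URL parsers, so reject them before parsing.
    if not target or "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return DEFAULT_TARGET
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash path only, so that
        # "//host" and "///host" cannot be read as another origin.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    # Absolute URL: https only, and the parsed hostname (the part after any
    # "user@" prefix) must be on the allow-list.
    if parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS:
        return target
    return DEFAULT_TARGET


# Constructed sample inputs (evil.example stands in for an attacker's site).
REJECTED = [
    "https://evil.example/login",
    "//evil.example/login",
    "https://app.example.com@evil.example/",
    "/\\evil.example",
    "javascript:alert(1)",
]
ACCEPTED = ["/account/settings", "https://app.example.com/home"]

if __name__ == "__main__":
    for value in REJECTED + ACCEPTED:
        print(f"{value!r:45} -> {safe_redirect_target({'next': value})!r}")
```

Every rejected value falls back to the default page instead of raising an error, so a tampered link still lands the user somewhere inside the application.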

Impact

With a URL redirection vulnerability, an attacker can create a link that will redirect users to a malicious site. This vulnerability is useful in a phishing attack because a user is more likely to click on a link from a trusted domain, especially when the redirection parameter is obfuscated. Attackers often combine such an attack with a malicious site that looks like the original application in order to trick users into submitting sensitive data such as passwords or credit cards.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
