Open Redirection in POST Method Web Vulnerability Explained
Netsparker detected an open redirect vulnerability in a POST parameter. Open redirect occurs when a web page is being redirected to another URL in another domain via a user-controlled input.
Because the vulnerability can be only exploited via POST requests, its impact is very limited and it cannot be directly use for common Open Redirect attacks such as phising.
- Where possible, do not use users' input for URLs.
- If you definitely need dynamic URLs, use whitelisting. Make a list of valid, accepted URLs and do not accept other URLs.
- Ensure that you only accept URLs those are located on the trusted domains.