Open Redirection Web Vulnerability Explained
Open Redirection occurs when vulnerable web page is being redirected to another web page via a user controllable input.
An attacker can use this vulnerability to redirect users to other malicious web sites which can be used for phishing and similar attacks.
- Where possible do not use users' input for URLs.
- If you definitely need dynamic URLs, Make a list of valid accepted URLs and do not accept other URLs.
- Ensure that you only accept URLs which are located on accepted domains.