Web Security beginner 25 mins

Open Redirect

Understand how open redirect vulnerabilities enable phishing attacks and security bypasses. Learn to exploit redirect parameters without validation to redirect users to malicious sites.

Hands-on Labs
Real-world Scenarios
Immediate Feedback
1

Introduction to Open Redirect

theory

Learn what open redirect vulnerabilities are, why they matter, and common attack scenarios.

Introduction to Open Redirect

What is an Open Redirect?

An open redirect occurs when an application sends users to a destination URL controlled by user input, without validation.

Example


GET /redirect?next=https://trusted.com/dashboard

Impact

  • Phishing attacks using trusted domains
  • Bypass domain allow-lists
  • Chaining to server-side request (SSRF)

Knowledge Check

What is a primary risk posed by open redirects?