medium Web Vulnerabilities

Open Redirect Vulnerability

The site has an open redirect — a parameter that redirects to any URL, allowing phishing campaigns that appear to come from your domain.

Severity
medium
Time to Fix
1-2 hours
Difficulty
medium
OWASP
A01:2021 — Broken Access Control

What is Open Redirect Vulnerability?

An open redirect is a parameter (like ?url=, ?redirect=, ?next=) that redirects the user to any URL without validation. Attackers use this to craft phishing URLs that look like they come from your trusted domain (e.g., yoursite.com/login?redirect=https://evil.com) but actually send users to malicious sites.

Why It Matters to Your Business

Open redirects enable convincing phishing campaigns. Because the URL starts with your trusted domain, email filters and users are more likely to trust it. Attackers use this to steal credentials, distribute malware, and bypass email security.

How to Fix It

Validate all redirect destinations against an allowlist:

PHP/Laravel:
  // BAD
  return redirect($request->input('redirect'));

  // GOOD — allowlist
  $allowed = ['/', '/dashboard', '/profile'];
  $redirect = $request->input('redirect', '/');
  if (!in_array($redirect, $allowed)) {
      $redirect = '/';
  }
  return redirect($redirect);

  // Or check that it's a relative URL
  if (!str_starts_with($redirect, '/') || str_starts_with($redirect, '//')) {
      $redirect = '/';
  }

Express.js:
  // Use express-validate-redirect middleware
  app.get('/redirect', validateRedirect, (req, res) => res.redirect(req.query.url));

Never trust user input for redirect destinations.

Technical Classification

OWASP CategoryA01:2021 — Broken Access Control
CWE IDCWE-601: URL Redirection to Untrusted Site
Detected Byopen_redirect scanner(s)
Severity Levelmedium

Check if your website has this vulnerability

Our open_redirect scanner checks for this issue automatically.

Scan My Website Free

Related Vulnerabilities