Open Redirect Vulnerability

Introduction

In this blog, we discuss the open redirect vulnerability. An open redirect vulnerability exists where an application redirects users to untrusted sites because it uses a redirect target that it does not validate.

Please check the code snippet below:

// Assigning a new value to window.location.href makes the browser navigate there;
// the value must be an absolute URL, otherwise it is treated as a path on the current site.
window.location.href = "https://google.com";

Redirecting is a common piece of functionality in web applications: clicking a link takes the user to a particular page or to a different web address. When we implement this, and the redirect target comes from input such as a query parameter, we must validate the address before redirecting. That validation has to cover both the domain name and the protocol. Validating the URL in this way avoids the open redirect vulnerability.

Please check the code below:

using System;

public static class UrlValidation {
    // Accepts only absolute http/https URLs; relative paths and other schemes are rejected.
    public static bool CheckURLValid(this string source) {
        return Uri.TryCreate(source, UriKind.Absolute, out Uri uriResult)
            && (uriResult.Scheme == Uri.UriSchemeHttp || uriResult.Scheme == Uri.UriSchemeHttps);
    }
}
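The helper above checks only the protocol. As an added example (not the original post's code), here is a C# validator that also checks the domain name against an allowlist, as the text requires; the host names and the sample "returnUrl" values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

public static class SafeRedirect
{
    // Hypothetical allowlist of hosts this application may redirect to.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.example.com", "accounts.example.com" };

    // True only for an absolute http/https URL whose host exactly matches the allowlist.
    // Other schemes (file:, mailto:, ...), look-alike hosts and user-info prefixes are rejected.
    public static bool IsSafeRedirectTarget(string target)
    {
        if (string.IsNullOrWhiteSpace(target)) return false;
        if (!Uri.TryCreate(target, UriKind.Absolute, out Uri uri)) return false;
        // Scheme check first: on some platforms "/path" or "//host" parses as a file: URI.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        // Uri.Host drops any user-info part, so "https://www.example.com@evil.test"
        // yields host "evil.test" and fails the allowlist check.
        return AllowedHosts.Contains(uri.Host);
    }

    // The validated target, or the application's own landing page when it is not trusted.
    public static string ResolveRedirect(string returnUrl, string fallback = "/")
    {
        return IsSafeRedirectTarget(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed sample values, as they might arrive in a "returnUrl" query parameter.
        string[] samples =
        {
            "https://www.example.com/dashboard",    // allowed host and scheme
            "http://accounts.example.com/profile",  // allowed host and scheme
            "//evil.test/",                         // protocol-relative link: rejected
            "https://www.example.com.evil.test/",   // look-alike host: rejected
            "https://www.example.com@evil.test/",   // user-info prefix: rejected
            "mailto:user@example.com",              // wrong scheme: rejected
            "/local/path"                           // not an absolute http(s) URL: fallback
        };
        foreach (var s in samples)
            Console.WriteLine($"{s} -> {ResolveRedirect(s)}");
    }
}
```

If the application also needs to accept same-site relative paths, check those separately (for example with ASP.NET's Url.IsLocalUrl) rather than loosening the allowlist check.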

Open redirects are often used in email phishing attacks, where users are redirected to harmful sites. Because the link starts at your own domain, this kind of attack can damage users' trust in your site, which appears to be malicious.

Let's understand how an open redirect works:

Madan is an attacker. He notices that the site performs a redirect once a user has logged into the application. He crafts a link to the login page whose redirect query parameter points to a site that is not whitelisted in the application, and sends that link in a phishing email to multiple users.

When a user clicks the link, it opens the login page, where the user enters their credentials. If the login succeeds, the application redirects the user to the harmful site, and the user has been phished.

Summary

In this blog, we learned what an open redirect is, how it is abused in phishing, and how validating the protocol and domain name of the redirect target prevents it.

I hope that you find it helpful. Eat->Code->Sleep->Repeat.