Http Open Redirect In Query Params
Description
This detector identifies open redirect vulnerabilities in URL query parameters. Open redirects occur when an application accepts user-controlled input to determine redirect destinations without proper validation, allowing attackers to redirect users to malicious external sites for phishing or other attacks.
Detection Strategy
• Scans URLs that contain query parameters with names commonly used for redirects (like 'redirect', 'url', 'return', etc.)
• Replaces each redirect parameter value with a test URL pointing to a controlled domain
• Makes HTTP requests to the modified URLs and examines the responses
• Reports a vulnerability when the server returns a 3xx redirect status code with a Location header pointing to the test domain
• Only triggers when the application actually performs the redirect to the external test URL, confirming the vulnerability is exploitable
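The strategy above in runnable form, as an added example that is not Fluid Attacks' detector code: a probe that swaps each redirect-named parameter for a URL on a test domain, the page's decision rule (a 3xx whose Location resolves onto that domain), and a vulnerable redirect handler next to a hardened one that only accepts same-site paths or an allowlisted host. The HTTP request is replaced by an in-process handler so the example runs offline; the parameter names beyond 'redirect', 'url' and 'return', the test domain and the handlers are constructed assumptions.

```python
"""Open-redirect probe and hardened redirect handling (added example)."""
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit, urlunsplit

# Names from the page ('redirect', 'url', 'return') plus constructed extras;
# the detector's actual parameter list is not on the page.
REDIRECT_PARAM_NAMES = ("redirect", "url", "return", "next", "redirect_uri")

# Constructed test domain; the detector's controlled domain is not on the page.
TEST_DOMAIN = "redirect-probe.example"

Response = tuple[int, Optional[str]]   # (status code, Location header or None)
Handler = Callable[[str], Response]    # stands in for sending an HTTP request


def location_points_to(status: int, location: Optional[str], origin: str, domain: str) -> bool:
    """The page's decision rule: a 3xx whose Location resolves onto `domain`.

    Relative and scheme-relative ('//host/') Locations are resolved against the
    request origin first, because that is what a browser following them does.
    """
    if not (300 <= status < 400) or not location:
        return False
    host = urlsplit(urljoin(origin, location)).hostname or ""
    return host == domain or host.endswith("." + domain)


def probe_url(url: str, send: Handler, test_domain: str = TEST_DOMAIN) -> list[str]:
    """Replace each redirect-named query parameter in turn and return the names
    for which the server redirected to the test domain."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    origin = urlunsplit((parts.scheme, parts.netloc, "/", "", ""))
    findings = []
    for name in params:
        if name not in REDIRECT_PARAM_NAMES:
            continue
        mutated = dict(params)
        mutated[name] = [f"https://{test_domain}/"]
        test_url = urlunsplit(parts._replace(query=urlencode(mutated, doseq=True)))
        status, location = send(test_url)
        if location_points_to(status, location, origin, test_domain):
            findings.append(name)
    return findings


def vulnerable_handler(url: str) -> Response:
    """Constructed handler: redirects wherever the parameter says (the flagged behaviour)."""
    params = parse_qs(urlsplit(url).query)
    for name in REDIRECT_PARAM_NAMES:
        if name in params:
            return 302, params[name][0]
    return 200, None


def safe_redirect_target(candidate: str, allowed_hosts: set[str], fallback: str = "/") -> str:
    """Hardened: allow only a same-site relative path or an allowlisted http(s) host."""
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ('//evil.example/'): require http(s) and an allowlisted host.
        if parts.scheme in ("http", "https") and parts.hostname in allowed_hosts:
            return candidate
        return fallback
    # Relative path: exactly one leading slash. Browsers read '/\\host' as '//host'.
    if candidate.startswith("/") and not candidate.startswith(("//", "/\\")):
        return candidate
    return fallback


def hardened_handler(url: str) -> Response:
    """Constructed handler that validates the target before redirecting."""
    params = parse_qs(urlsplit(url).query)
    for name in REDIRECT_PARAM_NAMES:
        if name in params:
            return 302, safe_redirect_target(params[name][0], {"app.example"})
    return 200, None


if __name__ == "__main__":
    target = "https://app.example/login?user=a&return=/home"   # constructed URL
    print("vulnerable handler flagged params:", probe_url(target, vulnerable_handler))
    print("hardened handler flagged params:  ", probe_url(target, hardened_handler))
```

The hardened handler treats anything with a scheme or authority as absolute and falls back to "/" unless the host is allowlisted; this is what stops the scheme-relative and backslash variants that a naive "starts with /" check lets through.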
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.