Php Laravel Open Redirect
Description
Detects unvalidated URL redirects in Laravel PHP applications where user-controlled input is passed directly to redirect()->away() without proper validation. This can allow attackers to redirect users to malicious websites through the application.
Detection Strategy
• Check whether Laravel's Illuminate\Http\Request class is imported in the code
• Find calls to the redirect()->away() method
• Verify whether the URL argument passed to away() is derived from user input (for example, a value read from the Request object)
• Confirm that the URL argument is not validated or sanitized before it reaches away()
• Report a vulnerability if all of the above conditions are met
Vulnerable code example
<?php
use Illuminate\Http\Request;
class RedirectController
{
public function redirectUnsafe(Request $request)
{...
✅ Secure code example
<?php
use Illuminate\Http\Request;
class RedirectController
{
private array $allowedUrls = [
'https://www.google.com',...
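The two controller methods the snippets above are cut off at, written out as an added example (not the page's own code): the unchecked redirect the detection strategy reports, beside two allowlist-checked forms. The example.com destinations, the $allowedHosts list and the '/' fallback are assumptions.

```php
<?php
// Added example, not the page's own snippets: an unchecked redirect beside two
// allowlist-checked ones. The URLs and hosts in the allowlists are assumed.
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;

class RedirectController
{
    /** Exact destinations this app may send users to (assumed values). */
    private array $allowedUrls = [
        'https://www.example.com/',
        'https://docs.example.com/',
    ];
    private array $allowedHosts = ['www.example.com', 'docs.example.com']; // assumed

    // Vulnerable: the 'url' parameter flows straight into redirect()->away(),
    // so the application forwards users to any site named in the request.
    public function redirectUnsafe(Request $request): RedirectResponse
    {
        return redirect()->away($request->input('url'));
    }

    // Hardened (exact match): only a string identical to an allowlist entry
    // reaches away(); anything else, including a missing parameter, goes to
    // an in-app fallback.
    public function redirectSafe(Request $request): RedirectResponse
    {
        $url = (string) $request->input('url', '');
        if (in_array($url, $this->allowedUrls, true)) {
            return redirect()->away($url);
        }
        return redirect('/');
    }

    // Hardened (host match): when exact matching is too strict, require an
    // absolute https URL whose host is allowlisted. Checking the scheme keeps
    // protocol-relative ("//host/...") and non-http inputs from matching.
    public function redirectToAllowedHost(Request $request): RedirectResponse
    {
        $url = (string) $request->input('url', '');
        $parts = parse_url($url) ?: [];
        $host = strtolower($parts['host'] ?? '');
        if (($parts['scheme'] ?? '') === 'https'
            && in_array($host, $this->allowedHosts, true)) {
            return redirect()->away($url);
        }
        return redirect('/');
    }
}
```

Only redirectUnsafe matches all of the detection conditions listed above; the two hardened methods still call away(), but the argument is compared against an allowlist first, which is the validation step the rule looks for.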