Javascript Express Open Redirect
Description
Detects unvalidated redirects in Express.js applications where the destination URL can be controlled through user input. This vulnerability could allow attackers to redirect users to malicious websites through the application's redirect functionality.
Detection Strategy
• Identifies Express.js redirect function calls (e.g. res.redirect())
• Checks whether the redirect URL argument comes from user-controllable HTTP inputs (query parameters, request body, etc.)
• Reports a vulnerability when redirect functions use unvalidated user input as the destination URL
• Examines function call arguments to trace the data flow from HTTP inputs to redirect destinations
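The strategy above, as an added illustration that is not Fluid Attacks' scanner: a minimal line-oriented detector that finds res.redirect() calls, tracks request-derived values (req.query, req.body, req.params, req.headers, req.cookies) through variable assignments, treats an `if (...)` that inspects the value's hostname, host or origin as the validation step, and reports only redirects whose argument is still unvalidated. The regular expressions, the guard heuristic and the two sample handlers are constructed for this example.

```javascript
// Added illustration (not Fluid Attacks' scanner): a minimal line-oriented
// detector following the detection strategy described on this page.
const SOURCE_RE = /\breq\.(query|body|params|headers|cookies)\b/;
const ASSIGN_RE = /\b(?:const|let|var)\s+([A-Za-z_]\w*)\s*=\s*([^;]+)/;
const REDIRECT_RE = /\bres\.redirect\(\s*(?:\d{3}\s*,\s*)?([^)]+)\)/;
// Heuristic (assumption): an if-guard that looks at <var>.hostname/.host/.origin
// counts as validating <var> before it is used.
const GUARD_RE = /\bif\s*\(.*\b([A-Za-z_]\w*)\.(hostname|host|origin)\b/;

function findOpenRedirects(source) {
  const tainted = new Set(); // identifiers holding request-controlled data
  const guarded = new Set(); // tainted identifiers whose host was checked in an if-guard
  const findings = [];
  source.split('\n').forEach((line, idx) => {
    const code = line.replace(/(^|\s)\/\/.*$/, ''); // ignore trailing // comments
    const assign = ASSIGN_RE.exec(code);
    if (assign) {
      const [, name, init] = assign;
      // Taint propagates through any initializer that references a tainted identifier.
      const fromTainted = [...tainted].some((t) => new RegExp(`\\b${t}\\b`).test(init));
      if (SOURCE_RE.test(init) || fromTainted) tainted.add(name);
    }
    const guard = GUARD_RE.exec(code);
    if (guard && tainted.has(guard[1])) guarded.add(guard[1]);
    const call = REDIRECT_RE.exec(code);
    if (call) {
      const arg = call[1].trim();
      const root = arg.split(/[.\[(]/)[0]; // `parsed.href` -> `parsed`
      const userControlled = SOURCE_RE.test(arg) || tainted.has(root);
      if (userControlled && !guarded.has(root)) findings.push({ line: idx + 1, argument: arg });
    }
  });
  return findings;
}

// Constructed samples: the page's vulnerable handler and a validated variant.
const VULNERABLE_SAMPLE = [
  "app.get('/redirect', (req, res) => {",
  "  const target = req.query.url;",
  "  res.redirect(target); // unvalidated",
  "});",
].join('\n');

const VALIDATED_SAMPLE = [
  "app.get('/redirect', (req, res) => {",
  "  const target = req.query.url;",
  "  const parsed = new URL(target);",
  "  if (!['example.com'].includes(parsed.hostname)) throw new Error('host not allowed');",
  "  res.redirect(parsed.href);",
  "});",
].join('\n');

console.log('vulnerable sample:', findOpenRedirects(VULNERABLE_SAMPLE));
console.log('validated sample:', findOpenRedirects(VALIDATED_SAMPLE));
```

The guard heuristic is deliberately simple: a real analyser would resolve the handler's control flow and recognise sanitizers by their semantics rather than by a regex, but the structure (source identification, assignment-based propagation, sink check) is the same.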
Vulnerable code example
const express = require('express');
const app = express();
app.get('/redirect', (req, res) => {
  const target = req.query.url;
  res.redirect(target); // Vulnerable: unvalidated user input used directly in redirect
});
Secure code example
const express = require('express');
const app = express();
app.get('/redirect', (req, res) => {
  const target = req.query.url;
  try {
    const parsed = new URL(target); // Validate URL against allowed domains: parse, then check the hostname (example allowlist)
    if (!['example.com'].includes(parsed.hostname)) throw new Error('host not allowed');
    res.redirect(parsed.href); // Secure: only a URL whose host is on the allowlist reaches the redirect
  } catch (err) {
    res.status(400).send('Invalid redirect destination'); // unparsable URL or host not allowed
  }
});
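The validation step in the secure example, as an added illustration that is not Fluid Attacks' code: a reusable function that resolves a user-supplied destination against the application's own origin, restricts it to web schemes and to an exact hostname allowlist, and a handler factory that uses it. The allowlist, base URL and fake request objects are constructed for this example; `res` is only assumed to expose Express's status(), send() and redirect().

```javascript
// Added illustration (not Fluid Attacks' code): redirect-target validation
// reusable by any Express handler before it calls res.redirect().
function resolveRedirectTarget(input, allowedHosts, base) {
  // Reject missing, repeated (?url=a&url=b yields an array) or empty values.
  if (typeof input !== 'string' || input === '') return null;
  let parsed;
  try {
    // Relative paths ('/account') resolve against our own origin; absolute URLs keep theirs.
    parsed = new URL(input, base);
  } catch (err) {
    return null; // not a parsable URL
  }
  // Only web schemes: rejects javascript:, data:, file: and similar.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  // Exact hostname match: protocol-relative ('//host'), backslash, userinfo ('host@other')
  // and suffix look-alike ('allowed.example.evil') inputs all resolve to a host not on the list.
  if (!allowedHosts.includes(parsed.hostname)) return null;
  return parsed.href; // normalised absolute URL that is safe to redirect to
}

// Express-style handler factory; only status/send/redirect are used on `res`.
function makeRedirectHandler(allowedHosts, base) {
  return (req, res) => {
    const dest = resolveRedirectTarget(req.query.url, allowedHosts, base);
    if (dest === null) return res.status(400).send('Invalid redirect destination');
    return res.redirect(dest);
  };
}

// Constructed configuration for the example.
const ALLOWED_HOSTS = ['app.example.com', 'docs.example.com'];
const BASE_URL = 'https://app.example.com/';

console.log(resolveRedirectTarget('/account?tab=1', ALLOWED_HOSTS, BASE_URL));
console.log(resolveRedirectTarget('//evil.example/phish', ALLOWED_HOSTS, BASE_URL));
```

Returning the parsed href rather than the raw input means the redirect uses the normalised form the check was performed on, so the validated value and the emitted Location header cannot diverge.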