7 lines
598 B
Plaintext
7 lines
598 B
Plaintext
Open redirection occurs when an application uses user-controllable data to redirect users to a URL.
|
|
|
|
An attacker with malicious intent could manipulate a user to browse into a specially crafted URL, such as ``++https://trusted.example.com?url=evil.example.com++``, to redirect the victim to his evil domain.
|
|
|
|
Tricking users into sending the malicious HTTP request is usually the main task of exploiting an open redirection. Often, it requires an attacker to build a credible pretext to prevent suspicions from the victim. +
|
|
|
|
Attackers commonly use open redirect exploits in mass phishing campaigns. |