What is an open redirect vulnerability and how to prevent it

We are living in a world where attacks are getting more and more sophisticated. Attackers are able to steal sensitive data at the drop of a hat, while we, on the other hand, are often unaware of what is really going on.

One such attack abuses an open redirect vulnerability. The user is typically unaware both of when the attack was initiated and of when their data was stolen.

In this post, we will understand more about open redirect vulnerability, including its types and examples.


What is an open redirect vulnerability?

Simply put, an open redirect vulnerability is a website security issue in which a page on your official business website forwards users to whatever destination is supplied in a request parameter, without validating it. While the vulnerability remains unresolved, an attacker can send the victim a phishing mail containing a link under your business domain name that redirects the user to a malicious URL of the attacker's choosing.

The user fails to notice that the parameters of the link have been manipulated by the attacker with the intention of redirecting them to a site that looks the same as the original. The fake site may then prompt the user to enter their credentials, just like the real one. Once the user enters their credentials and submits the form, they are redirected back to the genuine website as though nothing happened.

The main consequence of an open redirect vulnerability is the following:

  1. Phishing attacks: the attacker steers the user from the trusted, vulnerable site to a phishing site, and the trusted domain in the link is what makes the user click.

Example of open redirect vulnerability

https://yourbusinessurl.com/redirect.php?redirecturl=http://attacker.com/phish/

Observe the above URL, and in particular the redirecturl parameter that follows the genuine domain. Its value has been set to the website framed by the attacker, so the redirect.php page forwards the user there.

The probability that a user clicks the above link is high, since the URL begins with ‘yourbusinessurl.com’, which creates an air of genuineness and makes users take action.

Another URL scheme that is handy to attackers is the data: scheme. Although it cannot be used this way in WebKit-based browsers such as Chrome and Opera, browsers like Mozilla Firefox allow navigation to data: URLs. By supplying a data: URL as the redirect target, attackers can exploit an open redirect vulnerability to serve a phishing page without needing a web server to host it.

Types of open redirect vulnerabilities

There are two types of open redirect vulnerabilities -

Header-based open redirect vulnerability

The HTTP Location header is a very important component of a website: it tells the browser to redirect to the specified URL, and it also provides the location of a resource that was just created. The redirect happens independently of JavaScript, and attackers use this header to send users to a malicious website. The issue is that, unless the user examines the URL closely, they will not notice the strange additions to it, which may cost them their precious data.

Javascript-based open redirect vulnerability

In this type, the redirect is performed by the page's JavaScript rather than by a response header: the page's code sends requests and displays the right information to the user, and also decides where to navigate next. Attackers exploit this JavaScript-based open redirect vulnerability to hijack session cookies and to initiate phishing attacks that get hold of the user’s credentials.

Prevention of open redirect vulnerability

There are a handful of methods to avoid open redirects. The most important one is the following:

  1. Force external redirects to go through a page notifying users that they are leaving the website. It should clearly display a message and a button that users must click to confirm that they are okay with being redirected to another location.
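The following is an added example (not code from the original post) of how a redirect endpoint such as the redirect.php page above could decide between a direct redirect, the confirmation page from the method above, and a safe fallback. The site host, the keyword map and the helper names are assumptions for this illustration.

```python
from urllib.parse import urlparse

# Assumed values for this example: the business site's own host and a map of
# short keywords to fixed destinations, so users never supply a raw URL.
SITE_HOST = "yourbusinessurl.com"
REDIRECT_MAP = {"login": "/account/login", "docs": "/help/docs"}


def classify_redirect(target: str) -> str:
    """Classify a user-supplied redirect target as 'internal', 'external' or 'invalid'."""
    # Reject empty, whitespace-padded input and control characters.
    if not target or target != target.strip() or any(ord(c) < 0x20 for c in target):
        return "invalid"
    # Browsers treat '\' like '/' in http(s) URLs; urlparse does not, so refuse it outright.
    if "\\" in target:
        return "invalid"
    parsed = urlparse(target)
    if parsed.scheme:
        # Only http(s) is acceptable; this rejects data:, javascript: and any other scheme.
        if parsed.scheme not in ("http", "https"):
            return "invalid"
        host = parsed.hostname
        if host is None:
            return "invalid"  # e.g. "https:attacker.com" has no authority part
        return "internal" if host.lower() == SITE_HOST else "external"
    # No scheme: a protocol-relative URL (//host/...) would still leave the site.
    if target.startswith("//"):
        return "invalid"
    return "internal" if target.startswith("/") else "invalid"


def plan_redirect(target: str, fallback: str = "/"):
    """Return (action, url): 'redirect' straight to a same-site URL, 'confirm' to send an
    external URL through the interstitial "you are leaving" page, or 'redirect' to fallback."""
    kind = classify_redirect(target)
    if kind == "internal":
        return ("redirect", target)
    if kind == "external":
        return ("confirm", target)
    return ("redirect", fallback)


def resolve_keyword(keyword: str, fallback: str = "/") -> str:
    """Map a short keyword to its fixed destination; unknown keywords go to the fallback."""
    return REDIRECT_MAP.get(keyword, fallback)
```

With this in place, the phishing link from the example above is never followed silently: http://attacker.com/phish/ is classified as external and routed to the confirmation page, while data: and protocol-relative targets are dropped in favour of the fallback.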

Wrapping Up

In this post, you have seen how harmful an open redirect vulnerability can be and why it is so important to prevent it. The easiest and most effective way to prevent it is to not let the user control where the page redirects them to. It is enough to let users supply short keywords that your application maps to the target URL, or simply to ask them to confirm before they are redirected to the destination.

If you want to read more articles about Open Redirect, take a look at our website for more publications: https://www.partech.nl/en/publications

Originally published at https://www.partech.nl.
