| Tiago Coimbra

13. Open Redirect


Open Redirect

Category: #Configuration-Based-Attack

Attack: An open redirect occurs when an application takes the target of a redirect from user-controlled input (a query parameter, form field or header) and sends the browser there without validating it. Because the link begins with the application's own trusted domain, it lends credibility to phishing pages and can be used to route users to malicious websites.

Attack Code Example (Open Redirect):

GET /redirect?url=http://malicious-site.com HTTP/1.1
Host: example.com

In this example, the application reads the url parameter and answers with a 302 to http://malicious-site.com. The link a victim receives begins with the trusted host (https://example.com/redirect?url=...), which is what makes it useful for phishing: the user checks the domain, sees one they trust, and lands somewhere else.

Vulnerable Code (Python Flask):

from flask import Flask, request, redirect

app = Flask(__name__)

@app.route('/redirect', methods=['GET'])
def redirect_user():
    url = request.args.get('url')
    return redirect(url)  # Unvalidated URL taken straight from the query string: open redirect

Remediation Steps:

  • Validate Redirect URLs: Only allow redirects to trusted, whitelisted hosts, and compare the parsed hostname exactly rather than checking whether a trusted name appears somewhere in the string (http://example.com.evil.com and http://evil.com/?example.com both contain "example.com").
  • Use Relative URLs: Avoid accepting full external URLs in the redirect parameter; limit redirects to internal paths. A path must start with exactly one forward slash: browsers resolve //evil.com (protocol-relative), ///evil.com and /\evil.com (backslash) to an external host.
  • Display Warnings: If redirection to external sites is necessary, show an interstitial page that names the destination and lets the user opt out before redirecting.

Safe Code (Whitelisting redirect hosts in Python Flask):

from urllib.parse import urlparse
from flask import Flask, request, redirect, abort

app = Flask(__name__)
ALLOWED_HOSTS = {"example.com", "trusted.com"}

@app.route('/redirect', methods=['GET'])
def redirect_user():
    url = request.args.get('url', '')
    parsed = urlparse(url)
    # Exact hostname comparison. A substring test (any(domain in url ...)) is bypassed by
    # http://example.com.evil.com, http://evil.com/?example.com and http://example.com@evil.com.
    if parsed.scheme in ("http", "https") and parsed.hostname in ALLOWED_HOSTS:
        return redirect(url)
    abort(403)  # Block untrusted URLs
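The remediation steps and the safe handler above both hinge on one decision: is this target an internal path or an allow-listed host? The following is an added example, not code from the original post, that isolates that decision in a standard-library validator (no Flask needed to run it) and runs it side by side with the naive substring test over a set of constructed bypass strings. It goes beyond the single substring case above: it also handles protocol-relative, extra-slash and backslash paths, userinfo tricks and non-http schemes. ALLOWED_HOSTS, the function names and the attack strings are assumptions made for the example; a Flask handler would call resolve_redirect(request.args.get("url")) and redirect() to whatever it returns.

```python
"""Allow-list redirect validator (added example, not from the original post).

ALLOWED_HOSTS, the function names and the CASES strings are assumptions
constructed for this example.
"""
from urllib.parse import urlparse

ALLOWED_HOSTS = {"example.com", "trusted.com"}  # assumed allow-list


def substring_check(url, allowed_hosts=ALLOWED_HOSTS):
    """The naive test: is a trusted name anywhere in the string? (Bypassable.)"""
    return any(host in url for host in allowed_hosts)


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """True only for an internal path or an http(s) URL whose exact host is allowed."""
    if not url:
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.com" means "//evil.com".
    url = url.strip().replace("\\", "/")
    try:
        parsed = urlparse(url)
    except ValueError:  # e.g. unbalanced brackets in an IPv6 literal
        return False
    if not parsed.scheme and not parsed.netloc:
        # Relative target. Require exactly one leading slash: "///evil.com" parses
        # with an empty netloc but browsers collapse the slashes and go to evil.com.
        return url.startswith("/") and not url.startswith("//")
    if parsed.scheme not in ("http", "https"):
        return False  # javascript:, data:, file: and friends
    # .hostname drops userinfo and port and lowercases, so
    # "http://example.com@evil.com" yields "evil.com" here, not "example.com".
    return parsed.hostname in allowed_hosts


def resolve_redirect(url, fallback="/"):
    """What the handler should redirect to: the URL if it is safe, else a local fallback."""
    return url if is_safe_redirect(url) else fallback


# Constructed inputs: the first two are legitimate, the rest are bypass attempts.
CASES = [
    "/account",
    "https://example.com/login",
    "http://example.com.evil.com/",      # trusted name as a subdomain label
    "http://evil.com/?example.com",      # trusted name in the query string
    "http://example.com@evil.com/",      # trusted name as userinfo
    "//evil.com",                        # protocol-relative
    "///evil.com",                       # extra slashes, collapsed by browsers
    "/\\evil.com",                       # backslash, treated as a slash by browsers
    "javascript:alert(1)",               # non-http scheme
]


def compare_checks(cases=CASES):
    """Return (url, substring_verdict, hardened_verdict) for each case."""
    return [(u, substring_check(u), is_safe_redirect(u)) for u in cases]


if __name__ == "__main__":
    for url, naive, hardened in compare_checks():
        print(f"{url:32} substring={naive!s:5} hardened={hardened}")
```

Running the script shows the substring test accepting three of the seven attack strings (the subdomain, query-string and userinfo variants) while the parsed-host check accepts only the two legitimate targets. Note that is_safe_redirect deliberately accepts an allow-listed host on any port; tighten it to compare parsed.netloc if your deployment needs that.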

Reference: OWASP Unvalidated Redirects and Forwards Cheat Sheet