Open redirection occurs when an application uses user-controllable data to build URLs used during redirects.
An attacker with malicious intent could manipulate a user to browse into a specially crafted URL, such as
https://trusted.example.com/redirect?url=evil.com, to redirect the victim to their evil domain.
Open redirection is most often used to trick users into browsing to a malicious domain that they believe is safe. As such, attackers commonly use
open redirect exploits in mass phishing campaigns.
What is the potential impact?
An attacker can use this vulnerability to redirect a user from a trusted domain to a malicious domain controlled by the attacker. At that point,
the attacker can perform various attacks, such as phishing.
Below are some scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
Phishing
Suppose the attacker creates a malicious website that mirrors the interface of the trusted website. In that case, they can use the open redirect
vulnerability to lead the user to this malicious site.
Due to the similarity in the application appearance and the supposedly trustable hyperlink, the user fails to identify that they are browsing on a
malicious domain. From here, an attacker can capture the user’s credentials, bypass Multi-Factor Authentication (MFA), and take over the user’s
account on the trusted website.
Malware distribution
By leveraging the domain mirroring technique explained above, the attacker could also create a website that hosts malware. A user who is unaware of
the redirection from a trusted website to this malicious website might then download and execute the attacker’s malware. In the worst case, this can
lead to a complete system compromise for the user.
JavaScript injection (XSS)
In certain circumstances, an attacker can use DOM-based open redirection to execute JavaScript code. This can lead to further exploitation in the
trusted domain and has consequences such as the compromise of the user’s account.
