Open Redirect

unvalidated_redirects session_security http_open_redirect

Open redirect 🐟 refers to an endpoint such as https://example.com/redirect.php that is used to redirect users but does not check, or does not correctly check, where the user is being redirected.

Some CRM tools such as HubSpot rewrite the links in emails so that they pass through the CRM's website, which records when the link was clicked so the company can analyze its email campaigns. It's common for websites to use redirections for analytics.

It's mainly used for phishing 🎣: users click on a link to a domain they trust, without seeing that the link is actually exploited to redirect them to a malicious website.

https://[...]?xxx=some_url $\to$ https://[...]?xxx=malicious_url

There may be some filtering, such as only allowing http/https targets, but it can be bypassed using /%2f%2fexample.com, /%09/example.com, etc.
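On the defensive side, the usual fix is to validate the redirect target before using it: decode it, reject control characters and backslashes, and only accept same-site paths or an explicit allowlist of hosts. The following is an added example written for this page, not code from the original notes or from any product; ALLOWED_HOSTS and SITE_ORIGIN are assumed values for a hypothetical site, and the rejected inputs are constructed from the bypass patterns mentioned above.

```python
from urllib.parse import urlsplit, urljoin, unquote

# Assumed configuration for a hypothetical site (not from the page).
SITE_ORIGIN = "https://example.com"
ALLOWED_HOSTS = {"example.com", "www.example.com"}
MAX_DECODE_ROUNDS = 3  # catches double-encoded values such as %252f


def _fully_decode(value: str) -> str:
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_redirect(target: str) -> bool:
    """Return True only if `target` is a same-site path or an allowlisted host.

    Rejects: empty values, whitespace/control characters (e.g. the %09 tab
    trick), backslashes (browsers treat '\\' like '/'), protocol-relative
    '//host' URLs, non-http(s) schemes, and credentials in the authority
    part (https://trusted@evil.example).
    """
    if not target:
        return False

    decoded = _fully_decode(target)

    # Whitespace and control characters are never legitimate in a target
    # and are a classic way to slip past naive prefix checks.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return False
    if "\\" in decoded:
        return False

    parts = urlsplit(decoded)

    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False

    if parts.netloc:
        # Absolute (or protocol-relative) URL: host must be allowlisted,
        # and userinfo tricks like "example.com@evil.com" are refused.
        if "@" in parts.netloc:
            return False
        return parts.hostname in ALLOWED_HOSTS

    # Relative target: must be a single-slash path, never "//..." or "///...".
    return decoded.startswith("/") and not decoded.startswith("//")


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Build the Location value, falling back to a safe default on rejection."""
    if not is_safe_redirect(target):
        return fallback
    return urljoin(SITE_ORIGIN, target)


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate, the rest are
    # the bypass shapes a validator must refuse.
    samples = [
        "/account",
        "https://www.example.com/logout",
        "https://evil.com/login",
        "//evil.com",
        "/%2f%2fevil.com",
        "/%09/evil.com",
        "https://example.com@evil.com/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:40} -> {resolve_redirect(s)}")
```

The decoding loop matters: a filter that checks the raw query string sees /%2f%2fevil.com as a harmless path, while the browser, after decoding, follows it as ///evil.com. Validating the decoded form and then rejecting anything that does not start with exactly one slash closes both the %2f and %09 variants listed above without needing a blocklist of encodings.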


👻 To-do 👻

Stuff that I found, but never read/used yet.

  • encode malicious URL as hexadecimal to try filter bypassing