https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=JandelOWASP - User contributions [en]2026-04-23T20:51:05ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Talk:SQL_Injection&diff=16529Talk:SQL Injection2007-02-19T07:52:47Z<p>Jandel: New page: Maybe this article must be in Code injection category?</p>
<hr />
<div>Maybe this article must be in Code injection category?</div>Jandelhttps://wiki.owasp.org/index.php?title=Open_redirect&diff=16496Open redirect2007-02-16T13:08:49Z<p>Jandel: /* Examples */</p>
<hr />
<div>==Overview==<br />
<br />
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.<br />
<br />
{{Template:Stub}}<br />
<br />
==Consequences ==<br />
<br />
[[Phishing]]<br />
<br />
==Exposure period ==<br />
<br />
==Platform ==<br />
All web platforms affected<br />
<br />
==Required resources ==<br />
<br />
==Severity ==<br />
<br />
<br />
==Likelihood of exploit ==<br />
<br />
<br />
==Avoidance and mitigation ==<br />
To avoid the open redirect vulnerability parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser.<br />
<br />
The server must have a relation of the authorized redirections (i.e. in a database)<br />
<br />
==Discussion ==<br />
<br />
<br />
==Examples ==<br />
<br />
http://www.vulnerable.com?redirect=http://www.attacker.com<br />
<br />
The phishing use can be more complex, using complex encoding:<br />
<br />
Real redirect: http://www.vulnerable.com/redirect.asp?=http://www.links.com<br />
<br />
Facked link: http://www.vulnerable.com/security/advisory/23423487829/../../../redirect.asp%3F%3Dhttp%3A//www.facked.com/advisory/system_failure/password_recovery_system<br />
<br />
==Related problems ==<br />
<br />
* [[Open forward]]<br />
<br />
[[Category:Vulnerability]]</div>Jandelhttps://wiki.owasp.org/index.php?title=Open_redirect&diff=16495Open redirect2007-02-16T13:04:20Z<p>Jandel: /* Platform */</p>
<hr />
<div>==Overview==<br />
<br />
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.<br />
<br />
{{Template:Stub}}<br />
<br />
==Consequences ==<br />
<br />
[[Phishing]]<br />
<br />
==Exposure period ==<br />
<br />
==Platform ==<br />
All web platforms affected<br />
<br />
==Required resources ==<br />
<br />
==Severity ==<br />
<br />
<br />
==Likelihood of exploit ==<br />
<br />
<br />
==Avoidance and mitigation ==<br />
To avoid the open redirect vulnerability parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser.<br />
<br />
The server must have a relation of the authorized redirections (i.e. in a database)<br />
<br />
==Discussion ==<br />
<br />
<br />
==Examples ==<br />
<br />
http://www.vulnerable.com?redirect=http://www.attacker.com<br />
<br />
==Related problems ==<br />
<br />
* [[Open forward]]<br />
<br />
[[Category:Vulnerability]]</div>Jandelhttps://wiki.owasp.org/index.php?title=Open_redirect&diff=16494Open redirect2007-02-16T13:04:08Z<p>Jandel: /* Platform */</p>
<hr />
<div>==Overview==<br />
<br />
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.<br />
<br />
{{Template:Stub}}<br />
<br />
==Consequences ==<br />
<br />
[[Phishing]]<br />
<br />
==Exposure period ==<br />
<br />
==Platform ==<br />
All web plattforms affected<br />
<br />
==Required resources ==<br />
<br />
==Severity ==<br />
<br />
<br />
==Likelihood of exploit ==<br />
<br />
<br />
==Avoidance and mitigation ==<br />
To avoid the open redirect vulnerability parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser.<br />
<br />
The server must have a relation of the authorized redirections (i.e. in a database)<br />
<br />
==Discussion ==<br />
<br />
<br />
==Examples ==<br />
<br />
http://www.vulnerable.com?redirect=http://www.attacker.com<br />
<br />
==Related problems ==<br />
<br />
* [[Open forward]]<br />
<br />
[[Category:Vulnerability]]</div>Jandelhttps://wiki.owasp.org/index.php?title=Open_redirect&diff=16493Open redirect2007-02-16T13:03:00Z<p>Jandel: /* Avoidance and mitigation */</p>
<hr />
<div>==Overview==<br />
<br />
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.<br />
<br />
{{Template:Stub}}<br />
<br />
==Consequences ==<br />
<br />
[[Phishing]]<br />
<br />
==Exposure period ==<br />
<br />
==Platform ==<br />
<br />
==Required resources ==<br />
<br />
==Severity ==<br />
<br />
<br />
==Likelihood of exploit ==<br />
<br />
<br />
==Avoidance and mitigation ==<br />
To avoid the open redirect vulnerability parameters of the application script/program must be validated before sending 302 HTTP code (redirect) to the client browser.<br />
<br />
The server must have a relation of the authorized redirections (i.e. in a database)<br />
<br />
==Discussion ==<br />
<br />
<br />
==Examples ==<br />
<br />
http://www.vulnerable.com?redirect=http://www.attacker.com<br />
<br />
==Related problems ==<br />
<br />
* [[Open forward]]<br />
<br />
[[Category:Vulnerability]]</div>Jandel