
Open Redirect (ORED) vulnerability

What is an ORED vulnerability and how to prevent it?

Open Redirect occurs when a vulnerable web page redirects the user to an untrusted, attacker-chosen page that may compromise the user.


What is an Open Redirect vulnerability?

Open redirect attacks are usually combined with phishing: the tampered link still starts with the legitimate site's address, so it looks identical to the original site, which increases the likelihood that the phishing attack succeeds.
This vulnerability often exists in web applications where the redirection target is passed as a GET parameter in the URL.

Security flaws

Example:

https://www.monsite.com?redirectURL=https://www.httpcs.com

In this example, monsite.com is supposed to redirect the user to httpcs.com. What happens if a malicious person changes the redirection URL?

https://www.monsite.com?redirectURL=https://www.siteMalicieux.com

Now the site redirects the user to the malicious site.

Vulnerable PHP code:

<?php
// The redirection target is taken straight from the "url" GET parameter
// (the URL examples above call this parameter "redirectURL") ...
$redirect_url = $_GET['url'];
// ... and sent back in the Location header without any validation.
header("Location: " . $redirect_url);
exit;

Here, there is no control on user input at all, so anyone can change the redirection URL to a malicious website: this is an Open Redirect vulnerability.


Secure your sites

How to protect yourself against Open Redirect vulnerabilities?

It is necessary to control user input as strictly as possible and to apply the principle of "Never trust the user".
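The following is an added example (not code from HTTPCS or from the page above) showing how the vulnerable pattern can be hardened in PHP. It assumes the target arrives in a GET parameter named redirectURL, as in the URL examples above, and that $allowedHosts lists the only external hosts the application legitimately sends users to; the function name safeRedirectTarget is hypothetical.

```php
<?php
// Added example (not HTTPCS code): validate a redirect target instead of
// passing it straight to header(). Accepts either a relative path on this
// site or an https URL whose host is on an allow-list; anything else falls
// back to a safe default.
function safeRedirectTarget(string $candidate, array $allowedHosts, string $fallback = '/'): string
{
    $candidate = trim($candidate);

    // Reject empty values and any control character (CR/LF would otherwise
    // let the value inject extra headers).
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }

    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }

    // Case 1: relative path on this site ("/account", "/search?q=x").
    // "//evil.example" and "/\evil.example" are scheme-relative and would leave
    // the site, so require exactly one leading slash not followed by "/" or "\".
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        if (preg_match('#^/(?![/\\\\])#', $candidate)) {
            return $candidate;
        }
        return $fallback;
    }

    // Case 2: absolute URL; only https and only a host on the allow-list.
    // parse_url() puts "user@" in 'user', so "https://www.httpcs.com@evil.example"
    // is compared on its real host (evil.example) and rejected.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme === 'https' && in_array($host, $allowedHosts, true)) {
        return $candidate;
    }

    return $fallback;
}

// Assumption: these are the only hosts the application ever redirects to.
$allowedHosts = ['www.monsite.com', 'www.httpcs.com'];

// Hardened version of the vulnerable snippet above.
$target = safeRedirectTarget($_GET['redirectURL'] ?? '', $allowedHosts, '/');
header('Location: ' . $target, true, 302);
exit;
```

With this helper, the second URL from the example (redirectURL=https://www.siteMalicieux.com) no longer reaches the Location header: its host is not on the allow-list, so the user is sent to the fallback page instead. Allow-listing is preferable to block-listing because every bypass trick (userinfo in the URL, backslashes, a different scheme) has to pass the same positive check.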

Web Vulnerability Scanner of HTTPCS

How to detect the OWASP Top 10 vulnerabilities?

Detect security flaws on your website or web application with the Web Vulnerability Scanner of HTTPCS. This online security tool detects the flaws you have (OWASP Top 10, CVEs and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out which patches to apply to avoid being hacked.
