Securing Laravel

Security Tip: Open Redirects

[Tip#16] Ever clicked a link that looked legitimate, but took you somewhere unexpected?

Stephen Rees-Carter
Mar 1, 2022

Greetings Friends! I hope you learnt a lot from last week’s Timing Attacks email; I had a lot of fun putting it together, alongside the demo and video. This week our tip is about Open Redirects - something that’s super easy to overlook, and the implications aren’t always immediately obvious.

Open Redirects

An Open Redirect vulnerability is one where an attacker can make the server redirect the victim to a destination of the attacker’s choosing, usually somewhere completely unrelated to the site the vulnerability is on. Such links are used to mask the final destination of a URL: when the victim inspects the malicious link, all they see is a trusted domain name at the beginning, not the real destination hiding further along in the query string.

For example, consider an app that redirects a user to a login form, passing the URL of the authenticated page they originally requested as a query string parameter.
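To make the scenario concrete, here is an added example (not code from this post or from the Laravel framework) of a login controller that honours a `?redirect=` query parameter. The controller class, route and the `safe_redirect_target()` helper are assumptions for illustration. The first method trusts the parameter outright, which is the open redirect; the second only accepts a local path on the application and falls back to a known page for anything carrying a scheme or host.

```php
<?php
// Added example, not code from the Securing Laravel post. The controller,
// the '/dashboard' fallback and the helper name are assumptions.

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    // VULNERABLE: whatever ?redirect= says is where the user ends up after
    // login, so a link on our own domain can send them to another site.
    public function storeUnsafe(Request $request): RedirectResponse
    {
        // ... credential check omitted ...
        return redirect($request->query('redirect', '/dashboard'));
    }

    // HARDENED: only a relative path on this application is accepted;
    // anything else is replaced by the fallback.
    public function store(Request $request): RedirectResponse
    {
        // ... credential check omitted ...
        $target = safe_redirect_target($request->query('redirect'), '/dashboard');

        return redirect($target);
    }
}

/**
 * Return $target only when it is a plain path on this application.
 * Values with a scheme ("https://...", "javascript:..."), a host, or a
 * protocol-relative prefix ("//other.example") all yield $fallback.
 * Plain PHP so it can be unit-tested without booting the framework.
 */
function safe_redirect_target(?string $target, string $fallback): string
{
    if ($target === null || $target === '') {
        return $fallback;
    }

    // Control characters and whitespace are never part of a legitimate path.
    if (preg_match('/[\x00-\x20]/', $target)) {
        return $fallback;
    }

    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }

    // Must begin with exactly one "/": "//host" and "/\host" are both read
    // as a host by browsers even though parse_url may not flag the latter.
    if (!preg_match('#^/(?![/\\\\])#', $target)) {
        return $fallback;
    }

    return $target;
}
```

Where the "where to go after login" value does not need to live in the URL at all, Laravel’s own `redirect()->intended('/dashboard')` keeps the intended URL in the session instead of the query string, which removes the user-controlled input entirely; the helper above is for the cases where the parameter must remain in the link.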

© 2023 Stephen Rees-Carter