Attacking unvalidated redirects and forwards

Gupta Bless
4 min read · Sep 18, 2021
Photo by Tianyi Ma on Unsplash

Introduction

Applications often send users to other domains, either when they click a link or automatically; this is known as URL redirection and forwarding. If the functionality is not implemented correctly, an attacker can abuse it to send a legitimate user to a malicious domain under the attacker's control.

Let's look at what redirects and forwards are and how they can be exploited.

What are Unvalidated Redirects and Forwards?

Unvalidated Redirect:

It occurs when an application uses user-controllable data to perform a redirection in an unsafe way. Because the redirect target is taken from user-controllable data, an attacker can redirect a user to a website under the attacker's control, which may be a phishing page or may ask the user to install malware, and since the redirection originated from the legitimate website there is…
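As an added example for the two paragraphs above (not code from the original article), here is a vulnerable redirect handler next to a hardened one. The request is simulated with a plain dict so it runs offline; the allow-listed hosts, the default target and the sample `next` values are assumptions made for the example, and the hardened function is one reasonable validation approach, not the article's own.

```python
"""Unvalidated redirect: vulnerable handler beside a hardened one.

Added example, not from the original article. The request is simulated
with a dict of query parameters; the validation logic is what matters and
would drop into any web framework's redirect handler.
"""
from urllib.parse import urlsplit

# Hosts this application may legitimately send users to (assumed).
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}
DEFAULT_TARGET = "/home"  # assumed safe fallback on the same site


def vulnerable_redirect_target(params):
    """Unsafe: whatever the client put in 'next' becomes the Location header."""
    return params.get("next", DEFAULT_TARGET)


def safe_redirect_target(params):
    """Return a Location value that can only land on this site or an allowed host.

    Rules applied, in order:
      * missing/empty value                -> DEFAULT_TARGET
      * control characters or backslashes -> DEFAULT_TARGET
        (browsers treat '\\' as '/', so '/\\evil' becomes '//evil')
      * path-only value                    -> must start with exactly one '/'
        ('//evil.example' is scheme-relative, which urlsplit reports as a netloc)
      * absolute URL                       -> http(s) and hostname in ALLOWED_HOSTS
        (hostname, not netloc, so 'https://www.example.com@evil.example' fails)
      * anything else                      -> DEFAULT_TARGET
    """
    target = params.get("next", "").strip()
    if not target or any(ord(c) < 0x20 or c == "\\" for c in target):
        return DEFAULT_TARGET

    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # No scheme and no authority parsed: a relative path. Still require
        # a single leading slash so the browser resolves it on our origin.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET

    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return target
    return DEFAULT_TARGET


def build_redirect_response(location):
    """Minimal 302 response as a dict, standing in for a framework response."""
    return {"status": 302, "headers": {"Location": location}}


if __name__ == "__main__":
    # Constructed sample inputs an attacker might place in the 'next' parameter.
    samples = [
        "/account",
        "//evil.example/phish",
        "https://evil.example/",
        "https://www.example.com@evil.example/",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://accounts.example.com/login",
    ]
    for value in samples:
        params = {"next": value}
        print(f"{value!r:45} vulnerable -> {vulnerable_redirect_target(params)!r}")
        print(f"{'':45} safe       -> {safe_redirect_target(params)!r}")
```

The key design choice is that the hardened version checks `parts.hostname` rather than the raw string or `netloc`: prefix checks such as `target.startswith("https://www.example.com")` are bypassed by `https://www.example.com.evil.example` or `https://www.example.com@evil.example`, both of which resolve to the attacker's host.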


Written by Gupta Bless

Security enthusiast working to secure web for others.
