General Information

Unvalidated Redirect

Variants:
Direct, Persistent, Multiphase, Session

Also Known As:
Open Redirect, External Redirect, Phishing via Redirect, URL Redirector Abuse

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
01/01/2005

Added In:
10/12/2014

Vector Operation Method:
Attackers can abuse application features that redirect users to a user-controlled URL in order to craft malicious links that send unsuspecting users to a phishing website, relying on the trust the user places in the domain of the link they clicked.
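
Added example (not part of the original entry): one way to validate a redirect target on the server before issuing the redirect, so that a user-supplied URL can only lead to a same-site path or an allow-listed host. The function name, the allow-list and the example.com hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this application may redirect to (constructed values).
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target if it stays on a trusted host, otherwise the fallback path."""
    if not isinstance(target, str) or not target:
        return fallback
    # Browsers drop tabs/newlines and treat "\" like "/", so a value containing
    # them can parse differently here than in the browser. Reject it outright.
    if target != target.strip() or any(ord(c) < 0x20 or c in "\\\x7f" for c in target):
        return fallback
    try:
        parts = urlsplit(target)
        parts.port  # raises ValueError when the port is malformed
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a single-slash absolute path.
        # "//host/..." is protocol-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # .hostname excludes userinfo and port, so "trusted@other-host" is judged
    # by the host the browser would actually contact.
    host = (parts.hostname or "").lower().rstrip(".")
    return target if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("/account/settings?tab=2",
                   "https://login.example.com/sso",
                   "https://phish.example.net/login",
                   "//phish.example.net/login",
                   "https://app.example.com@phish.example.net/"):
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

Comparing the parsed hostname against an exact allow-list, rather than checking whether the URL string starts with or contains the trusted domain, is what keeps look-alike hosts out.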


Direct Variant:

Unvalidated Redirect

Also Known As:
Open Redirect

Typical Severity:
Medium

Persistent Variant:

Stored Unvalidated Redirect

Also Known As:
Persistent Open Redirect

Typical Severity:
Major


Multiphase Variant:

Multiphase Unvalidated Redirect

Variant Title:
Multiphase Unvalidated Redirect

Typical Severity:
Medium


Session Variant:

Unvalidated Redirect via Session Puzzling

Variant Title:
Unvalidated Redirect via Session Puzzling

Typical Severity:
Medium
