| Property | Value |
|---|---|
| Language | php |
| Severity | medium |
| CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Medium |

Description

Redirecting users to the current request URL with `header("Location: " . $_SERVER["REQUEST_URI"])` lets an attacker craft a URL that makes your site redirect users to an external, potentially malicious domain. This happens when the request path begins with two slashes (for example `//attacker.com`): browsers treat a `Location` value such as `//attacker.com/...` as a protocol-relative URL and navigate to that host instead of to a path on your site.
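The following is an added example, not code from the original rule page: the vulnerable redirect from the description next to a hardened helper that only accepts same-origin paths and prefixes a fixed canonical origin. `SITE_ORIGIN`, `sameOriginPath`, `redirectUnsafe` and `redirectSafe` are names chosen for this illustration, and the sample inputs at the bottom are constructed.

```php
<?php
// Assumed for this example: the site's canonical origin is configured, not read
// from the Host header (which a client also controls).
const SITE_ORIGIN = 'https://www.example.com';

// Vulnerable form flagged by the rule: a request for "//attacker.com/x" yields
// "Location: //attacker.com/x", a protocol-relative URL that leaves the site.
function redirectUnsafe(): void
{
    header("Location: " . $_SERVER["REQUEST_URI"]);
    exit;
}

// Return $target if it is a same-origin path, or null if it must be rejected.
function sameOriginPath(string $target): ?string
{
    // Only paths starting with exactly one slash stay on this host. Browsers
    // treat "//host" and "/\host" (backslash normalised to slash) as
    // protocol-relative, so both are refused here.
    if (!preg_match('#^/(?![/\\\\])#', $target)) {
        return null;
    }
    // Defence in depth: parse_url() must not recover a scheme or host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return null;
    }
    return $target;
}

// Hardened redirect: validate the path, fall back to a known-safe location,
// and emit an absolute URL on our own origin so the browser cannot reinterpret it.
function redirectSafe(string $fallback = '/'): void
{
    $path = sameOriginPath($_SERVER['REQUEST_URI'] ?? '') ?? $fallback;
    header('Location: ' . SITE_ORIGIN . $path, true, 302);
    exit;
}

// Constructed sample targets showing which values the helper accepts.
$samples = [
    '/account/settings',           // accepted: ordinary same-origin path
    '/ok?next=//x',                // accepted: "//" only inside the query string
    '//attacker.example/phish',    // rejected: protocol-relative
    '/\\attacker.example',         // rejected: backslash variant
    'https://attacker.example/',   // rejected: absolute URL
];
foreach ($samples as $t) {
    printf("%-28s => %s\n", $t, sameOriginPath($t) ?? 'REJECTED');
}
```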

Impact

If exploited, attackers could trick users into following links that redirect them away from your site to phishing or malicious sites, potentially leading to credential theft or other attacks. This undermines user trust and can expose your organization to security and reputational risks.