# Open Redirects and Forwards

Insecure redirects and forwards in a web application can lead to phishing attacks.

# Background

# Context

Redirecting describes the act of sending a user from one web application to a different one, while forwarding sends the user to a different place within the web application.

An example of an open redirect would be http://myApp.com/?redirect=http://evilApp.com.

# Problems

  • Attackers could supply their own value for the redirect parameter above and send users to malicious websites.
  • Attackers could also use this parameter to forward themselves to URLs with administrator privileges via /admin/...

# Solutions

# Technology

See Validation
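
One way to validate the redirect parameter from the example above, shown as an added example that is not part of the original page. The function names, the allowlists and the fallback path are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for this example; replace with the application's own.
REDIRECT_HOSTS = {"myapp.com", "www.myapp.com"}  # hosts a redirect may go to
FORWARD_PATHS = {"/", "/home", "/profile"}       # internal forward targets
FALLBACK = "/"                                   # used when a target is rejected


def _parse(target):
    """Parse target, or return None for input that browsers and servers read differently."""
    # Backslashes, whitespace and control characters are normalised by browsers
    # in ways urlsplit() does not mirror, so refuse them outright.
    if not target or "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return None
    try:
        return urlsplit(target)
    except ValueError:  # e.g. a malformed IPv6 literal
        return None


def redirect_target(target):
    """Return target if it is an http(s) URL on an allowed host, else FALLBACK."""
    parts = _parse(target)
    if parts is None or parts.scheme not in ("http", "https"):
        return FALLBACK
    # hostname is lowercased and excludes userinfo and port, so a value such as
    # "myapp.com@evilapp.com" or "myapp.com.evilapp.com" does not match.
    if parts.hostname not in REDIRECT_HOSTS:
        return FALLBACK
    return target


def forward_target(target):
    """Return target if its path is an allowed internal location, else FALLBACK."""
    parts = _parse(target)
    # A scheme, a host, or a leading "//" means the value is not a local path.
    if parts is None or parts.scheme or parts.netloc or target.startswith("//"):
        return FALLBACK
    # Exact match only: "/admin/..." and "/home/../admin" are both rejected.
    if parts.path not in FORWARD_PATHS:
        return FALLBACK
    return target
```

Matching forward targets exactly against an allowlist avoids having to normalise paths before comparing them; the forwarded request should still pass through the application's normal access control.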

Last Updated: 7/3/2022, 3:51:46 PM