Also known as: Client Side URL Redirection or Open Redirection.
“An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation”
a user input without validating. Leads to an external URL. Platform affected: All web platforms.
victim to the malicious page
Misrepresent an organization or company
Bypass the application’s access control checks / Forwards to access unauthorized pages or functions
be automatically redirected to www.attacker.com
Forwards (Transfers) send the request to a new page in the same application, which could bypass authentication or authorization.
http://www.abc.com/submit.php?fwd=admincp.php
Redirect Internal:
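
The validation whose absence defines an open redirect, and the authorization check a forward must not skip, as an added example (not code from the original page). The function names, the `FORWARDS` table and the default target are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_TARGET = "/"  # assumed fallback when the parameter is rejected

# Constructed allowlist: forward target -> does it require an admin session?
FORWARDS = {"profile.php": False, "admincp.php": True}


def safe_redirect_target(value, default=DEFAULT_TARGET):
    """Return a same-site path for a redirect, or `default` if the value
    could send the browser to another host."""
    if not value:
        return default
    # Browsers drop tabs/newlines inside URLs, so "/\t/host" becomes "//host".
    if any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return default
    # Browsers treat "\" like "/", so "/\host" behaves like "//host".
    normalized = value.replace("\\", "/")
    # Accept only absolute paths; "//host" is a scheme-relative external URL.
    if not normalized.startswith("/") or normalized.startswith("//"):
        return default
    parts = urlsplit(normalized)
    if parts.scheme or parts.netloc:  # defense in depth
        return default
    return normalized


def safe_forward_target(value, is_admin=False):
    """Return the page to forward to, or None. The parameter is only a key
    into the allowlist, and the destination's own authorization still runs."""
    if value not in FORWARDS:
        return None
    if FORWARDS[value] and not is_admin:
        return None
    return value


if __name__ == "__main__":
    for v in ["/account?tab=1", "http://www.attacker.com",
              "//www.attacker.com", "/\\www.attacker.com"]:
        print(repr(v), "->", safe_redirect_target(v))
    print("fwd=admincp.php, non-admin ->", safe_forward_target("admincp.php"))
```
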