URL Redirection Exploit



- What is URL redirection?

- I am a developer. How can I protect my script from URL redirection?

- I am a user. How can I protect myself from phishing and malicious links?



An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get victims to visit malicious sites without realizing it.

URL redirection is sometimes used as part of phishing attacks that confuse visitors about which website they are visiting. URL redirection is what all spammers love to have.

A remote attacker can redirect users from your website to a specified URL. This problem may help an attacker conduct phishing attacks, distribute trojans, send spam, or send users to malicious websites that contain exploit kits.


How it works! How to solve it!

URL redirection can be found in form inputs, for example as a return value after validating user credentials, or it might be in JavaScript code, etc.

That means that, for protection, your script should properly sanitize user input.

Example:
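One way to validate a redirect parameter before using it, written here as an added example and not code from the original article. The function name `safe_redirect_target`, the `example.com` hostnames and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed for illustration: the site's own hostnames and a fallback page.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return value if it is a safe redirect destination, otherwise default."""
    if not isinstance(value, str) or not value or value != value.strip():
        return default
    # Browsers treat "\" like "/" and drop tabs and newlines, so a value such
    # as "/\other.example" can leave the site. Reject these characters outright.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a path rooted at a single "/".
        # "//other.example" is scheme-relative and points to another host.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    if parts.scheme not in ("http", "https"):
        return default  # blocks javascript:, data:, and "//host" (empty scheme)
    # Compare the parsed hostname exactly; substring or prefix checks are fooled
    # by "example.com.other.example" and by "example.com@other.example".
    return value if host in allowed_hosts else default


# Constructed sample values for a redirect parameter (not real traffic).
SAMPLES = [
    "/account/settings",
    "https://www.example.com/home",
    "https://evil.example.net/login",
    "//evil.example.net/login",
    "https://www.example.com@evil.example.net/",
    "https://www.example.com.evil.example.net/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:48} -> {safe_redirect_target(s)!r}")
```

Only the first two samples are returned unchanged; every other value falls back to the default page.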





How could hackers/spammers use it?!


- Fake login page. Example: a fake login page of Facebook or Twitter could steal the victim's credentials.

- Keep spammers' links from being blocked on social media, such as Facebook.

- Redirect victims to racial, ethnic, etc. websites.


How can I know the link is safe?!


There are several ways to protect yourself from malicious links:


- Check the opened URL. Example: Facebook.com is different from Facebook.freeh.com.

- Keep your antivirus up to date. I recommend Essential Security.

- Do not open links that use hot words such as: click to win 10.000$, free mobile credits, claim your money now, etc.



What else do you know about URL redirection? Comment below, and we can update this article together.


Regards.