Open Redirect
When we visit somepopularsite.com, we place some trust in that site. We assume it is neither malicious nor fake.
For example:
www.facebook.com
www.google.com
www.twitter.com
Suppose we see a URL like https://m.facebook.com/story/view/?bucket_id=:bucket_id&viewer_session_id=:session_id&exit_uri=https://attacker.com
We look at the domain and conclude that the link belongs to facebook.com.
But what if this URL redirects to attacker.com?
If it does, that is an Open Redirect vulnerability on facebook.com (Yes! This was an actual bug found on Facebook by @dwi.siswanto98 in Jan 2020).
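One way to validate a redirect parameter such as exit_uri before issuing the redirect, as an added example that is not part of the original post and not Facebook's code. The allow-list, the fallback path and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed values for this example, not taken from any real application.
ALLOWED_HOSTS = {"m.facebook.com", "www.facebook.com"}
FALLBACK = "/"

def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a rooted same-site path or an http(s) URL on an allowed host."""
    # Browsers drop control characters and treat "\" like "/", so refuse
    # them instead of guessing how the browser will re-parse the value.
    if not target or any(ord(c) < 0x21 or c == "\\" for c in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept "/home", refuse "//host" style and bare names.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, scheme-relative "//host", ...
    if parts.username is not None or parts.password is not None:
        return False  # "https://m.facebook.com@attacker.com" has host attacker.com
    return host in allowed_hosts

def resolve_exit_uri(query_string):
    """Return the Location value for a request carrying an exit_uri parameter."""
    values = parse_qs(query_string).get("exit_uri", [])
    # More than one exit_uri is ambiguous between parsers; treat as unsafe.
    if len(values) == 1 and is_safe_redirect(values[0]):
        return values[0]
    return FALLBACK

if __name__ == "__main__":
    # Constructed sample inputs.
    for qs in ("exit_uri=https://attacker.com",
               "exit_uri=https://m.facebook.com/home",
               "exit_uri=//attacker.com",
               "exit_uri=/story/view/"):
        print(qs, "->", resolve_exit_uri(qs))
```

The check compares the parsed hostname for an exact match, so a value that merely contains or starts with a trusted domain name is still refused.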
Open Redirect vulnerabilities can be classified as:
- GET-Based
- POST-Based
- Header-Based
- Flash-Based