ShieldReport

Open Redirect

Severity: low
CWE-601 (Input Validation)

What is Open Redirect?

An open redirect vulnerability lets an attacker craft a URL on the legitimate domain that sends users on to a malicious external website.

How it works

The application takes a redirect target from a URL parameter (e.g., /login?redirect=https://evil.com) and sends the user there after an action, without validating the value. An attacker crafts a link on the trusted domain whose redirect parameter points at their phishing site.

Impact

Phishing attacks that appear to originate from a trusted domain, credential theft, malware distribution, and OAuth token theft.

How ShieldReport detects this

ShieldReport identifies redirect parameters in URLs and tests with external domain payloads to verify if unvalidated redirects are possible.

How to fix it

Validate redirect URLs against an allowlist of permitted domains. Use relative paths instead of full URLs for redirects. Warn users before redirecting to external sites.
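The weak pattern from "How it works" next to the allowlist check from "How to fix it", as an added example (this is illustrative code, not ShieldReport's scanner or any project's own). The hostnames, the default target and the test inputs are constructed for the example. The hardened function only accepts site-relative paths or absolute http(s) URLs whose host is on the allowlist, and it treats the usual ways a redirect value can escape a naive check (protocol-relative `//host`, backslashes that browsers turn into slashes, an allowed host used as a prefix or as userinfo, a scheme with an empty host, non-http schemes) as validation failures that fall back to the default:

```python
"""Allowlist validation for a post-login ?redirect= parameter (added example)."""
from typing import Optional
from urllib.parse import urlsplit

# Hosts we are willing to redirect to (constructed example values).
ALLOWED_HOSTS = frozenset({"app.example.com", "example.com"})
# Where to send the user when the requested target is rejected.
DEFAULT_TARGET = "/dashboard"


def vulnerable_redirect_target(value: Optional[str]) -> str:
    """The open-redirect pattern: the parameter is used as the Location verbatim."""
    return value or DEFAULT_TARGET


def safe_redirect_target(
    value: Optional[str],
    allowed_hosts=ALLOWED_HOSTS,
    default: str = DEFAULT_TARGET,
) -> str:
    """Return `value` only if it is a site-relative path or an absolute http(s)
    URL on an allowlisted host; otherwise return `default`."""
    if not value:
        return default

    # Browsers normalise backslashes to slashes, so "/\evil" is really "//evil".
    normalized = value.strip().replace("\\", "/")
    parts = urlsplit(normalized)

    if parts.scheme:
        # Only http(s); rejects javascript:, data:, and friends.
        if parts.scheme.lower() not in ("http", "https"):
            return default
        # "https:///evil.com" parses with an empty netloc but a browser would
        # still go to evil.com, so a scheme without a host is rejected.
        if not parts.netloc:
            return default

    if parts.netloc:
        # Absolute or protocol-relative URL: compare the parsed hostname only,
        # which strips userinfo ("allowed@evil.com") and ports, and require an
        # exact allowlist match so "app.example.com.evil.com" does not pass.
        host = parts.hostname or ""
        if host not in allowed_hosts:
            return default
        return normalized

    # No host at all: accept only a site-absolute path with a single leading slash.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default
    return normalized


if __name__ == "__main__":
    for candidate in ["/account?tab=1", "https://app.example.com/settings",
                      "https://evil.com/", "//evil.com/", "/\\evil.com",
                      "https://app.example.com.evil.com/", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate)!r}")
```

The design choice worth noting is that the function returns a safe destination rather than a boolean: the redirect handler can use its result directly as the Location header, so there is no code path in which the raw parameter reaches the response. Exact host matching (not `endswith`) is what keeps lookalike hosts out.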

Tags

redirect, phishing, input-validation

© 2026 ShieldReport. All rights reserved.