4
  • Can I also hack a user's session, in order to embed this code into the page he views on example.com? Commented Mar 29, 2015 at 13:39
  • @user2598085 Not really. You can hijack a session, or perform session fixation, and I guess theoretically this could enable an open redirect (e.g. if you change your example code to $redirectUrl = $_SESSION['url'];, and set $_SESSION['url'] in a different script) without the need to send the evil URL, just the normal URL, but this is a very contrived example, and if you can hijack/fixate a session, open redirect isn't the most interesting attack to perform. Commented Mar 29, 2015 at 13:42
  • A redirect to any given domain is a security issue indeed. But what about a user input path only? An open redirect but only to any given path on the same domain. Commented Dec 4, 2016 at 21:22
  • 1
    @Bell If the filter is working correctly, it's not an issue. Note though that e.g. filtering http:// and https:// is not enough; //google.com, e.g., works as well. Note also that if the CSRF protection is a simple referer check and if the application has GET requests that change server state (or if a POST to GET downgrade is possible), this would enable CSRF attacks. Commented Dec 4, 2016 at 21:35
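
Added example, not part of the comments above and not code from the original post: one way to restrict a redirect to a path on the same site, so that the scheme-relative form `//google.com` mentioned in the last comment is refused along with `http://` and `https://`. The function name `local_redirect_target` and the `next` parameter are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from the thread): return $target only if it is a
 * path on the current site, otherwise return $fallback.
 */
function local_redirect_target(string $target, string $fallback = '/'): string
{
    // Control characters: browsers drop tab/CR/LF while parsing a URL, so a
    // filter that sees them and a browser that does not can disagree.
    if (preg_match('/[\x00-\x1F\x7F]/', $target) === 1) {
        return $fallback;
    }
    // Browsers treat "\" like "/" in http(s) URLs; refuse it outright.
    if (strpos($target, '\\') !== false) {
        return $fallback;
    }
    // Require exactly one leading "/". This rejects "http://...",
    // "https://...", any other scheme, and the scheme-relative "//host" form.
    if ($target === '' || $target[0] !== '/' || substr($target, 0, 2) === '//') {
        return $fallback;
    }
    return $target;
}

// Constructed sample inputs, standing in for a user-supplied ?next= value.
$samples = [
    '/account/settings?tab=email',   // same-site path
    'https://google.com/',           // absolute URL
    '//google.com',                  // scheme-relative URL
    'account',                       // no leading slash
];

foreach ($samples as $s) {
    printf("%-30s -> %s\n", $s, local_redirect_target($s));
}

// In a request handler (assumed parameter name "next"):
// $next = $_GET['next'] ?? '/';
// header('Location: ' . local_redirect_target(is_string($next) ? $next : '/'));
```

This only keeps the redirect on the same site; it does not address the CSRF concern raised in the last comment, which depends on how the application checks the referer and whether GET requests change state.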