• 762
  • 1.9k
  • 191.4k

How to prevent open redirection attacks?

Feb 22 2017 7:49 AM
                  Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:
Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com 
    By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
         Whitelist the redirect URLs and prevent redirection outside parent domain. 
 i dont know what is the problem is that.and what they saying.
My understading 
if login the application that redirect another un- validated page.
How to fix it what is the problem is that 

Brought to you by:

Answers (4)