An open redirect is where your application
redirects the user to a URL supplied from an untrusted source, without checking
the validity of that URL.
Open redirects are often used in phishing attacks - attacks
where malicious links are sent out in emails, in an attempt to trick users into
visiting a harmful site.
By sending out a link that points to your website but immediately redirects
to a malicious site, attackers can circumvent anti-phishing measures put
in place by email providers.
This kind of attack can damage the trust your users have in your site
since you appear to be the malicious actor. Let's see how the attack works.

Mal is a hacker who has noticed that your site performs
a redirect after login. Normally this is a useful feature, but your site
doesn't check the URL of the redirect location.
Mal crafts a URL featuring a redirect to his malicious website.
To make it less obvious what he is doing, he encodes the redirect parameter, and adds
some superfluous parameters to the query string.
Vic is one of your users. Mal wants to trick Vic into
going to his malicious website.
Mal sends this URL to Vic in an email. The link is to your website,
which is not black-listed as a malicious site by Vic's email provider, so
no alarms go off when the email is scanned.
Vic clicks on the link. Since he isn't currently logged in, your website
presents him with the login page.
Immediately after Vic logs in, the redirect parameter is processed. The
site doesn't do any check on the URL described in the 'next' parameter.
Vic is redirected to the harmful site. He has been phished!
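
The missing check on the 'next' parameter could look like the following. This is an added example, not code from the original page; the hostname `www.example.com`, the fallback page `/` and the function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example: the site's own hostname and fallback page.
TRUSTED_HOSTS = {"www.example.com"}
DEFAULT_TARGET = "/"


def is_safe_redirect(target, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if target stays on this site."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and silently drop tabs and newlines,
    # so reject them instead of guessing how the URL will be read.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative URL: allow "/path" but not "//host" (scheme-relative).
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: exact host match, so "user@host" tricks and
    # look-alike suffixes such as www.example.com.evil.example fail.
    return parts.scheme == "https" and parts.hostname in trusted_hosts


def post_login_target(login_url):
    """Pick the post-login destination from the 'next' query parameter."""
    # parse_qs percent-decodes the value, as a web framework would, so an
    # encoded parameter is validated in its decoded form.
    query = parse_qs(urlsplit(login_url).query)
    target = query.get("next", [""])[0]
    return target if is_safe_redirect(target) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample links; evil.example is a placeholder host.
    samples = [
        "https://www.example.com/login?next=%2Faccount%2Fsettings",
        "https://www.example.com/login?ref=mail&next=https%3A%2F%2Fevil.example%2F&lang=en",
    ]
    for url in samples:
        print(post_login_target(url), "<-", url)
```

With this check in place, Vic still reaches the login page through Mal's link, but after logging in he lands on the site's own default page.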