# Open Redirection

> Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.

### Exploitation

When reporting an open redirection vulnerability it's important to demonstrate the maximum impact. Redirecting to an arbitrary site is a good proof of concept, but often we can escalate it to cross-site scripting. Rather than hosting a site that serves the payload, we can redirect directly to a `data:` URI whose base64-encoded body contains HTML/JavaScript:

```
data:text/html;base64,PHNjcmlwdD5hbGVydCgnRXhhbXBsZScpPC9zY3JpcHQ+
```
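For the defensive side of the same issue, the server-side check below keeps a user-supplied redirect target on the application: it treats the `data:` URI above, protocol-relative `//host` targets and backslash or whitespace tricks as external and falls back to a fixed local path. This is an added example, not code from the original page; `ALLOWED_HOSTS` and `DEFAULT_TARGET` are constructed values.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed values for this example; a deployment would take them from config.
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(candidate: str) -> str:
    """Return a redirect target that stays on this application.
    Anything that could leave the site (absolute URLs to other hosts,
    protocol-relative //host targets, data:/javascript: URIs, backslash or
    whitespace tricks) is replaced by DEFAULT_TARGET.
    """
    if not candidate:
        return DEFAULT_TARGET
    # Browsers strip tabs/newlines and other C0 controls before parsing, so
    # "\t//evil" would become "//evil"; reject rather than try to normalise.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return DEFAULT_TARGET
    # Browsers treat a backslash like a slash in the authority position, so
    # "/\evil.example" is an external redirect to evil.example.
    if "\\" in candidate:
        return DEFAULT_TARGET
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only http(s) to an allow-listed host passes. This also
        # blocks the data: URI above, javascript:, and "https:host" forms
        # (no authority, so hostname is None).
        if parts.scheme not in ("http", "https"):
            return DEFAULT_TARGET
        if parts.hostname not in ALLOWED_HOSTS:  # hostname is lowercased
            return DEFAULT_TARGET
        return urlunsplit(parts)
    if parts.netloc:
        # Scheme-less but with an authority: protocol-relative "//evil.example/x".
        return DEFAULT_TARGET
    # Site-relative target: require an absolute path so a bare word such as
    # "evil.example" or a query-only string cannot be smuggled through.
    if not parts.path.startswith("/"):
        return DEFAULT_TARGET
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed inputs: the page's data: payload, an external host, a local path.
    for sample in ("data:text/html;base64,PHNjcmlwdD5hbGVydCgnRXhhbXBsZScpPC9zY3JpcHQ+",
                   "//evil.example/", "/account?tab=security"):
        print(repr(sample), "->", safe_redirect_target(sample))
```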

### References

{% embed url="https://portswigger.net/kb/issues/00500100_open-redirection-reflected" %}

{% embed url="https://0x80dotblog.wordpress.com/2022/01/15/hacking-banks-for-fun-and-no-profit-identifying-targets-for-spear-phishing/" %}

