Web applications use URL redirectors to forward incoming requests to an alternate resource. In URL Redirector Abuse, URL redirectors are abused to cause an attacker’s URL to appear to be endorsed by the legitimate site, tricking victims into believing that they are navigating to a site other than the true destination. The affected applications accept arbitrary user-defined URLs as input and then use them as targets for redirection.
URL redirection is often used to allow resources to be moved within the directory structure without breaking functionality for users who request the resource at its previous location. URL redirectors may also be used to implement load balancing, to support abbreviated URLs, or to record outgoing links.
It is this last use that can be exploited in URL Redirector Abuse attacks such as phishing. Attackers abuse URL redirectors to socially engineer victims into believing that they are navigating to a site other than the true destination.