Vulnerability Name: URL Redirection / Unvalidated Open Redirect
Reddit
Reported by
hasnain_123
Vulnerability Details
Technical details and impact analysis
## Summary:
Visiting this URL will redirect you to http://bing.com:
https://reviewnic.com/redirect.php?url=http://bing.com
Note: An attacker could change http://bing.com to http://evilsite-of-attacker.com and hence can steal user credentials.
## Impact:
URL Redirection or Unvalidated Open Redirect is usually used with phishing attacks or in malware delivery; it may confuse the end user about which site they are visiting.
1. An attacker could redirect the victim to a vulgar site, such as a porn site, which can degrade the reputation of your site as the redirection happens from your domain.
2. An attacker could deliver malware or phishing pages in the name of your website and hence can steal user credentials.
As the front part of the URL is legitimate, an attacker can easily convince users to click on a maliciously crafted link, and hence can easily target users of https://reviewnic.com.
## Steps To Reproduce:
1. Visit this URL; it will redirect you to http://bing.com.
2. https://reviewnic.com/redirect.php?url=http://bing.com
3. An attacker could change http://bing.com to http://evilsite-of-attacker.com and hence can steal user credentials.
## Supporting Material/References:
If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behavior can be avoided in two ways:
- Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
- Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.
If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimise the risk of redirection attacks:
- The application should use relative URLs in all of its redirects, and the redirection function should strictly validate that the URL received is a relative URL.
- The application should use URLs relative to the web root for all of its redirects, and the redirection function should validate that the URL received starts with a slash character. It should then prepend http://yourdomainname.com to the URL before issuing the redirect.
- The application should use absolute URLs for all of its redirects, and the redirection function should verify that the user-supplied URL begins with http://yourdomainname.com/ before issuing the redirect.
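As an added example (not code from the report, from reviewnic.com or from Reddit), the following Python validator implements the last two remediations quoted above for a hypothetical site host yourdomainname.com: root-relative paths are re-anchored on the site origin, and absolute URLs are accepted only when the host matches exactly rather than as a string prefix. It also rejects scheme-relative "//host" values, which browsers treat as absolute even though they start with a slash, so a bare starts-with-slash check alone is not sufficient.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Hypothetical origin of the site issuing the redirect (assumption, stands in
# for the "yourdomainname.com" placeholder used in the remediation text).
SITE_SCHEME = "https"
SITE_HOST = "yourdomainname.com"


def safe_redirect_target(user_url: str) -> Optional[str]:
    """Return an absolute URL on SITE_HOST if user_url is a safe target, else None.

    - Root-relative paths ("/account") are accepted and rebuilt on SITE_HOST.
    - Absolute URLs are accepted only if the scheme is http(s), the host is
      exactly SITE_HOST, and no userinfo ("user@host") is present.
    - Anything else (other hosts, other schemes, scheme-relative URLs) is refused.
    """
    if not user_url:
        return None
    user_url = user_url.strip()
    # Control characters can confuse parsers and clients; refuse them outright.
    if any(ord(c) < 0x20 for c in user_url):
        return None

    if user_url.startswith("/"):
        # "//host" and "/\host" are interpreted as scheme-relative absolute URLs
        # by browsers, so they would escape the site despite the leading slash.
        if user_url.startswith(("//", "/\\")):
            return None
        parts = urlsplit(user_url)
        return urlunsplit((SITE_SCHEME, SITE_HOST, parts.path,
                           parts.query, parts.fragment))

    parts = urlsplit(user_url)
    if parts.scheme not in ("http", "https"):
        return None
    # Exact host comparison: "yourdomainname.com.evil.example" and
    # "yourdomainname.com@evil.example" both fail here, whereas a naive
    # startswith("http://yourdomainname.com") prefix check would pass them.
    if parts.hostname != SITE_HOST or parts.username or parts.password:
        return None
    return urlunsplit((SITE_SCHEME, SITE_HOST, parts.path or "/",
                       parts.query, parts.fragment))
```

The caller should issue the redirect only when the function returns a value and otherwise fall back to a fixed landing page on its own domain.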
Report Details
State: Closed
Substate: Not-Applicable
Weakness: Open Redirect