URL Redirect ?
INTRODUCTION
URL Redirection is a vulnerability that allows an attacker to send users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who then clicks the link and is unknowingly redirected to the malicious website.
Types Of Redirections:
1. Permanent Redirection: The HTTP 308 Permanent Redirect status response code indicates that the requested resource has been definitively moved to the URL given by the Location header.
CODE | TEXT |
301 | Moved Permanently |
308 | Permanent Redirect |
2. Temporary Redirection: The HTTP 307 Temporary Redirect status response code indicates that the requested resource has been temporarily moved to the URL given by the Location header. The method and the body of the original request are reused to perform the redirected request.
CODE | TEXT |
302 | Found |
303 | See Other |
307 | Temporary Redirect |
3. Special Redirection:
CODE | TEXT |
300 | Multiple Choices |
304 | Not Modified |
HTTP redirects aren't the only way to define redirections:
1. HTML redirections:
HTTP redirects are the best way to create redirections, but sometimes you don't have control over the server. In that case, try a <meta> element with its http-equiv attribute set to Refresh in the <head> of the page. When displaying the page, the browser will go to the indicated URL.
<head> <meta http-equiv="Refresh" content="0; URL=https://example.com/"> </head>
The content attribute should start with a number indicating how many seconds the browser should wait before redirecting to the given URL. Always set it to 0 for accessibility compliance.
2. JavaScript redirections:
Redirections in JavaScript are performed by assigning a URL string to the window.location property, which loads the new page:
window.location = "https://example.com/";
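Because the introduction describes links that redirect a victim to an untrusted site, the destination should be validated before it reaches a Location header or window.location. The following is an added example, not code from the original page; the origin, the allowed hosts, the fallback path and the "next" parameter name are all assumptions, and the sample links are constructed.

```javascript
// Added example; APP_ORIGIN, ALLOWED_HOSTS, FALLBACK and "next" are assumptions.
const APP_ORIGIN = "https://app.example.com";
const ALLOWED_HOSTS = new Set(["app.example.com", "docs.example.com"]);
const FALLBACK = "/";

// Return a destination that is safe to redirect to, or FALLBACK.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Browsers strip control characters and treat "\" like "/", so a value
  // containing them can resolve to a different host than it appears to.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve as the browser would: relative paths, scheme-relative
    // ("//host/...") and absolute URLs all become one absolute URL.
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;         // no http:, javascript:, data:
  if (url.username || url.password) return FALLBACK;      // no userinfo before the host
  if (url.port !== "") return FALLBACK;                   // default port only
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;  // exact match, never substring
  return url.href;
}

// Extract the "next" parameter from a delivered link and validate it.
function redirectFromLink(link) {
  let next = null;
  try {
    next = new URL(link).searchParams.get("next");
  } catch {
    return FALLBACK;
  }
  return safeRedirectTarget(next);
}

// Constructed sample links, as a user might receive them.
const SAMPLE_LINKS = [
  "https://app.example.com/login?next=%2Faccount%2Fsettings",
  "https://app.example.com/login?next=https%3A%2F%2Fdocs.example.com%2Fguide",
  "https://app.example.com/login?next=https%3A%2F%2Funtrusted.example%2Flogin",
  "https://app.example.com/login?next=%2F%2Funtrusted.example%2Flogin",
  "https://app.example.com/login?next=https%3A%2F%2Fapp.example.com.untrusted.example%2F",
];
for (const link of SAMPLE_LINKS) console.log(redirectFromLink(link), "<-", link);
```

In the browser, the validated value is what gets assigned to window.location; on the server, it is what goes into the Location header.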