{"id":20493883,"url":"https://github.com/qeeqbox/open-redirect","last_synced_at":"2026-03-06T08:32:27.274Z","repository":{"id":219662255,"uuid":"655432531","full_name":"qeeqbox/open-redirect","owner":"qeeqbox","description":"A threat actor may send a malicious redirect request for a vulnerable target to a victim; the victim gets redirected to a malicious website that threat actor controls","archived":false,"fork":false,"pushed_at":"2025-07-26T21:10:10.000Z","size":1996,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-27T01:11:47.305Z","etag":null,"topics":["infosecsimplified","open","qeeqbox","redirect","vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/qeeqbox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["qeeqbox"]}},"created_at":"2023-06-18T21:49:06.000Z","updated_at":"2025-07-26T21:10:14.000Z","dependencies_parsed_at":"2024-01-29T02:32:15.989Z","dependency_job_id":"c557be73-085b-485f-ae3d-4688559abaf4","html_url":"https://github.com/qeeqbox/open-redirect","commit_stats":null,"previous_names":["qeeqbox/open-redirect"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/qeeqbox/open-redirect","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fopen-redirect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fopen-redirect/tags","releases_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fopen-redirect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fopen-redirect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/qeeqbox","download_url":"https://codeload.github.com/qeeqbox/open-redirect/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/qeeqbox%2Fopen-redirect/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30167962,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T07:56:45.623Z","status":"ssl_error","status_checked_at":"2026-03-06T07:55:55.621Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["infosecsimplified","open","qeeqbox","redirect","vulnerability"],"created_at":"2024-11-15T17:37:14.477Z","updated_at":"2026-03-06T08:32:27.249Z","avatar_url":"https://github.com/qeeqbox.png","language":null,"funding_links":["https://github.com/sponsors/qeeqbox"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e \u003cimg src=\"https://raw.githubusercontent.com/qeeqbox/open-redirect/main/open-redirect.png\"\u003e\u003c/p\u003e\n\nA threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious 
website that downloads an executable file\n\n## Example #1\n1. A threat actor crafts an email with a malicious redirection request for a vulnerable target and sends the email to a victim\n2. The victim clicks on the email and sends the request to the vulnerable target\n3. The target processes the malicious redirection request and returns the redirect to the victim\n4. The victim's browser redirects the user to a malicious website\n\n## Code\n#### Target-Logic\n```js\napp.post(\"/welcome\", (request, response) =\u003e {\n    // Vulnerable: the redirect target comes straight from the query string, with no validation\n    if (request.query.redirect){\n        response.redirect(request.query.redirect);\n    } else {\n        response.redirect(\"/\");\n    }\n});\n```\n\n#### Target-In\n```\n?redirect=test.com\n```\n\n## Impact\nMedium\n\n## Names\n- Open Redirect\n\n## Risk\n- Redirect users\n\n## Redemption\n- Input validation\n\n## Require\n- Social Engineering\n\n## ID\ncea84b63-1552-47ad-a160-503f1c913390\n\n## References\n- [wiki](https://en.wikipedia.org/wiki/Open_redirect)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fopen-redirect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fqeeqbox%2Fopen-redirect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fqeeqbox%2Fopen-redirect/lists"}