SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

N01 Insecure Redirects

What this means

SiteShadow flagged redirect logic where the destination URL can be influenced by user input (query params like ?next=..., returnUrl=..., redirect=...).

Why it matters

Open redirects can enable phishing, token leakage, or malicious navigation.

Safer examples

1) Use allowlisted relative paths (recommended)

const next = req.query.next || "/dashboard";
if (!next.startsWith("/")) throw new Error("Invalid redirect");
res.redirect(next);

2) If absolute URLs are needed, allowlist hosts

allowed = {"app.example.com"}
u = urlparse(next_url)
if u.hostname not in allowed:
    raise ValueError("Invalid redirect host")

3) Don't accept redirects from untrusted sources

Avoid reflecting arbitrary URLs back to clients.

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.