Open Redirectors

An open redirector is an endpoint that redirects the user-agent to whatever location a request parameter names, without validating that location. Open redirectors can be exploited in Login with Amazon by attackers who fool users into authorizing access to the legitimate website: when the authorization server then redirects to the client, the open redirector forwards that redirect, together with the authorization response it carries, to the attacker.

Login with Amazon client websites should ensure that the target of the redirection URI they use for authentication is not configured as an open redirector.

Some common patterns for open redirectors are:

  • example.com/go.php?url=
  • example.com/search?q=user+search+keywords&url=
  • example.com/coupon.jsp?code=ABCDEF&url=
  • example.com/login?url=
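The patterns above all share one defect: the `url` parameter is passed to the redirect unchecked. The following is an added example (not code from Login with Amazon or from this page) of a validator a client website could place in front of such an endpoint. It accepts only same-site relative paths and absolute URLs whose host is on an allowlist; the `ALLOWED_HOSTS` set and the sample inputs are constructed for illustration.

```python
from urllib.parse import urlparse

# Hypothetical allowlist: the only hosts this site will redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def is_safe_redirect_target(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only if ``url`` redirects within this site or to an allowlisted host."""
    if not url:
        return False
    # Control characters and whitespace are stripped by some URL parsers and
    # browsers, which lets "/\t/attacker" become "//attacker"; reject them outright.
    if any(ord(c) < 0x21 for c in url):
        return False

    parsed = urlparse(url)

    # Only web schemes may be followed ("javascript:", "data:", etc. are refused).
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False

    if parsed.netloc == "":
        # No authority component: accept only a plain same-site path. "//host" and
        # "/\host" are treated by browsers as protocol-relative URLs, so they are refused,
        # as are "http:host" forms, which urlparse leaves with an empty netloc.
        return url.startswith("/") and not url.startswith("//") and not url.startswith("/\\")

    # Absolute URL: compare the parsed hostname (userinfo and port already removed,
    # so "https://example.com@attacker" does not pass as example.com).
    host = (parsed.hostname or "").lower()
    return host in allowed_hosts


def redirect_location(url_param: str, fallback: str = "/") -> str:
    """Location a redirect endpoint should emit for a given ``url`` parameter value."""
    return url_param if is_safe_redirect_target(url_param) else fallback


if __name__ == "__main__":
    # Constructed sample parameter values, in the style of example.com/go.php?url=...
    for sample in ["/account", "https://www.example.com/orders",
                   "//attacker.invalid/", "https://example.com.attacker.invalid/",
                   "https://example.com@attacker.invalid/", "javascript:alert(1)"]:
        print(f"{sample!r:45} -> {redirect_location(sample)}")
```

Checking the parsed hostname rather than doing a string-prefix match is the important design choice: prefix checks such as `url.startswith("https://example.com")` are defeated by `https://example.com.attacker.invalid/` and `https://example.com@attacker.invalid/`, both of which the function above refuses.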