Course

Open Redirect vulnerabilities allow attackers to redirect victims to malicious websites. While these vulnerabilities typically have a low impact, they can be more severe if leveraged to leak OAuth tokens. In this challenge, you will redirect a victim to a website you control, such as webhook.site. Once the victim visits your page, you will receive the key to score in the User-Agent, which you can then submit.

The challenge is based on a trivial open redirect where any URL can be used to redirect the victim to your website. The accompanying video covers a source code review of the Open Redirect 01 challenge, highlighting how the lack of filtering in the code allows for this vulnerability. It emphasizes the importance of implementing filtering before using user-provided parameters in header locations to prevent open redirects.