Talk:Top 10 2010-A10-Unvalidated Redirects and Forwards

From OWASP

I don't understand the technical difference between the 2 scenarios. Q1. The first says '...redirects users...'; the second says '...uses forward to route requests...'. Are these both 3xx responses?

Q2. If the app uses the parameter value to go to a site-relative URL, are you saying that is inherently risky because the app may not perform any further validation?