This lesson demonstrates unvalidated redirects and forwards. With the security level set to zero and the interceptor turned on in Burp Suite, users can see a parameter called Forward URL being passed into a PHP script. Because the script does not validate it, the value can be changed to anything a coder desires, which can lead unsuspecting users to a hostile website.
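
One way to close the gap the lesson demonstrates, shown as an added example that is not part of the lesson or of the application it uses: validate the forward-URL value against an allowlist before redirecting. The parameter name `forwardurl`, the host list and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example. ALLOWED_HOSTS, the 'forwardurl' name and all sample inputs are constructed.
const ALLOWED_HOSTS = ['www.example.test', 'docs.example.test'];

// Pattern the lesson demonstrates (value used as-is):
//   header('Location: ' . $_GET['forwardurl']);

function safe_redirect_target(string $raw, string $fallback = '/'): string
{
    // Control characters enable header injection; browsers read "\" as "/".
    if ($raw === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $raw)) {
        return $fallback;
    }
    // Same-site path: one leading "/" only ("//host" is protocol-relative).
    if ($raw[0] === '/') {
        return (strlen($raw) > 1 && $raw[1] === '/') ? $fallback : $raw;
    }
    // Absolute URL: https only, no userinfo, host must match the allowlist exactly.
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || isset($parts['user']) || isset($parts['pass'])) {
        return $fallback;
    }
    $ok = strtolower($parts['scheme']) === 'https'
        && in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);
    return $ok ? $raw : $fallback;
}

// Hardened use in the request handler:
//   header('Location: ' . safe_redirect_target($_GET['forwardurl'] ?? ''), true, 302);
//   exit;

if (PHP_SAPI === 'cli') {
    // Constructed inputs: two acceptable targets, then values that must fall back to "/".
    $samples = [
        '/account/settings',
        'https://docs.example.test/guide',
        'http://www.example.test/',
        'https://other.test/login',
        '//other.test/login',
        'https://www.example.test@other.test/',
        "/ok\r\nSet-Cookie: x=1",
    ];
    foreach ($samples as $s) {
        printf("%-40s -> %s\n", json_encode($s), safe_redirect_target($s));
    }
}
```

Run from the command line with `php`, the script prints each constructed input next to the target that would actually be sent in the `Location` header.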