Skip to main content


Home URL injection

URL injection

URL injection definition

URL injection is a cyberattack where a fake page is created and inserted into a genuine website. It allows cybercriminals to secretly redirect users to other websites where their credentials and other private data can be stolen. URL injection is done through plug-ins, unsecured directories, or bugs in the software.

How to avoid URL injections

  • Inspect all pages as they go live, and look carefully for redirects.
  • If you detect fake pages, remove them and find how they were injected into your website to patch the vulnerability.
  • Perform penetration testing beforehand to prevent URL injections from happening in the first place.
  • Set up web application firewalls.